In a blog post, Facebook announced that they found a bug in their software that may have exposed a great deal of personal user account information. They state that the bug affected approximately six million accounts and e-mail addresses or telephone numbers were shared.
The blog went on to state;
We've concluded that approximately 6 million Facebook users had email addresses or telephone numbers shared. There were other email addresses or telephone numbers included in the downloads, but they were not connected to any Facebook users or even names of individuals. For almost all of the email addresses or telephone numbers impacted, each individual email address or telephone number was only included in a download once or twice. This means, in almost all cases, an email address or telephone number was only exposed to one person. Additionally, no other types of personal or financial information were included and only people on Facebook - not developers or advertisers - have access to the DYI tool.
They claim that they have no evidence that the bug has been exploited, and they have received no complaints from users to indicate anyone has seen any problems. They are currently sending out e-mail notices to all the affected accounts warning people of the security breach.
This, of course, is one of the reasons that you want to be very judicious about what personal information you put on social networking sites.