Maybe it's OAuth revealing that facebook only email address, if "login using facebook" is ever used in a 3rd party site? (I somewhat doubt anyone who goes to the lengths of using a FB-specific email address would fall for the privacy scam of using login with facebook through...)
I would guess that there are 3rd party companies who's business is to match cookie values behind the scenes to email / phone / address / demo data and re-sell it, or sell access to the aggregate db.
Hopefully a federal privacy law will clarify if this is legal at all.
There's a third possibility: The advertiser guessed the email address.
Well, in this case probably not. Though I wrote "facebook@domainiown.example" above, it's really more like "myrealfirstandlastnamefacebook@domainiown.example." So the chances of it being guessed are infinitely small.
Why would Facebook lie about the data source? They released this information voluntarily.
It's possible that Facebook has been hacked or the above posters used Facebook connect to login to a third-party service that leaked the email addresses.
i wouldn't call that voluntarily. they have been pressured to be more transparent for quite some time. if it was up to facebook, they would hide these kind of information even more.
This seems like a really good starting point for an investigation against Facebook!
Anyone else wants to steelman Facebook before I and other become too excited? Because right now I don't see any other options.