Facebook Security Flaw Exposes 6 Million Users’ Personal Info

Oh Facebook - couldn't this have come at a better time? Mere weeks after news leaked of the NSA's PRISM project, which is said to involve tight integration with the likes of Facebook and other popular Web entities, we learn of a bug that caused six million users' worth of phone numbers and email addresses to be exposed over the past year.

The New York Times reports that the cause was a "technical bug", and so far, Facebook has seen no evidence that it was exploited or used maliciously. What it does mean, however, is that if anyone synced their Facebook account to their phone or any other device, they would have obtained additional information that they shouldn't have. With this wording, it seems clear that the information could not be obtained unless one of these affected people was actually on your friends list.

Despite the breach being admittedly limited (6 million users is much less than 1% of Facebook's global userbase), Facebook admits that it's "still something we’re upset and embarrassed by, and we’ll work doubly hard to make sure nothing like this happens again." Such a statement is to be expected, but as users, we can never be truly confident that our data is 100% safe with these services as it should be. It's not so much Facebook's fault, because this risk exists everywhere - Google, Yahoo!, MySpace, all potentially vulnerable.

That said, in this particular case there is no simple solution. You can't remove an email address when it's required to use the account, and likewise, removing your phone number will just cause Facebook to nag you to death - it wants it there in case you lose access to your account. Let's just hope the company fulfills its promise of making sure this doesn't happen again - at least to the best of its ability.