[carnagii]

The statute says "anything of value." Here the thing of value would be a person's contact list. The attempt to gain this thing of value through deceit (telling the person you are trying to verify their account and using the access they give you to steal their contact list) would be the fraudulent act.

The fact that Facebook put a system in place to obtain these contact lists is evidence on its own of their value, but that value could also be quantified without much difficulty.

The only real question is: was dropping the consent form without removing the feature an honest mistake or was it done because somebody decided it would result in a lower bounce rate and thus more money for Facebook.