I'm using the search graph API to search for users by email. Here's an example of how I do that:

GET  https://graph.facebook.com/search?q=Sample%40gmail.com&fields=name%2clink%2ceducation%2cid%2cwork%2cabout%2cpicture&limit=2&type=user&access_token=...

Before the July 2013 Breaking Changes it was working fine. Once I enabled the breaking changes I start getting HTTP 403 saying that that the access token is not valid.

HTTP/1.1 403 Forbidden
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/javascript; charset=UTF-8
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
WWW-Authenticate: OAuth "Facebook Platform" "insufficient_scope" "(#200) Must have a valid access_token to access this endpoint"
X-FB-Rev: 798183
X-FB-Debug: lZPVbdTmZrCo+Bde/MNEXy/halUzQx7qIDW5aiZeT0g=
Date: Mon, 29 Apr 2013 07:25:29 GMT
Connection: keep-alive
Content-Length: 120

{"error":{"message":"(#200) Must have a valid access_token to access this endpoint","type":"OAuthException","code":200}}

Once I remove the %40 (@ sign) or the '.com' part from the request I get a normal HTTP 200 results. The problem is, that it's not what I'm looking for. I want to be able to search for users by email the way I was able before.

Example of requests that does work:

GET  https://graph.facebook.com/search?q=Samplegmail.com&fields=name%2clink%2ceducation%2cid%2cwork%2cabout%2cpicture&limit=2&type=user&access_token=...
GET  https://graph.facebook.com/search?q=Sample%40gmail&fields=name%2clink%2ceducation%2cid%2cwork%2cabout%2cpicture&limit=2&type=user&access_token=...

As 林果皞 said. This is a bug in the graph API. I filed a bug here: https://developers.facebook.com/bugs/335452696581712

have you try FQL?

SELECT uid,username,first_name, middle_name, pic,pic_small, pic_big, pic_square, last_name,name,email,birthday,birthday_date,contact_email,current_address,current_location,education,hometown_location, languages, locale,profile_url,sex,work FROM user where contains('youremail@example.com')

Search by email works fine to me (Access token just granted basic permissions enough):

https://developers.facebook.com/tools/explorer?method=GET&path=%2Fsearch%3Fq%3Dlimkokhole%40gmail.com%26fields%3Dname%2Clink%2Ceducation%2Cid%2Cwork%2Cabout%2Cpicture%26limit%3D2%26type%3Duser

Update:

Recently Graph API explorer app already enabled "July 2013 Breaking Changes". So the example i've shown above whouldn't work anymore.