Facebook has revealed another shocking fact: Cambridge Analytica, which usurped the data of over 87 million users, could have accessed the private Facebook messages of the users who were affected.
Facebook quietly slipped this fact into the data leak notifications it has been sending out to victims of the Cambridge Analytica scandal since Monday. These notifications allowed users to check what kind of information was harvested by the ‘This Is Your Digital Life’ app.
The disclosure issued by Facebook to victims read: “A small number of people who logged into ‘This Is Your Digital Life’ also shared their own News Feed, timeline, posts and messages which may have included posts and messages from you.”
A Facebook spokesperson also confirmed to Wired that the app could pull users’ private inbox messages through the “read_mailbox” API request.
Even though the company claims that only a small number of people, 1,500, permitted the app to access their Messenger, anyone who exchanged messages with those 1,500 people was also affected, which increases the actual number of affected users.
A researcher named Jonathan Albright found the vulnerability in the first version of Facebook’s Graph API, which apparently allowed apps to extract huge amounts of data on a user’s friends.
In fact, once a user granted permission to an app like Cambridge Analytica’s, the app could continue to suck data for years, until it was uninstalled or until Facebook finally discontinued that version of the Graph API, that is, until late 2015.
However, Cambridge Analytica has denied the allegations that it could access users’ private messages from Facebook.
GSR did not share the content of any private messages with Cambridge Analytica or SCL Elections. Neither company has ever handled such data.
— Cambridge Analytica (@CamAnalytica) April 10, 2018