Cambridge Analytica may have had access to private Facebook Messenger messages

Facebook has started to help users figure out whether or not they’ve been affected by the Cambridge Analytica scandal, and detailed in the company’s notification is the fact that Facebook users may have also had their private messages leaked to Cambridge Analytica.

As pointed out by researcher Jonathan Albright, the vulnerability dates back to the first version of Facebook’s Graph API, which allowed apps to request massive amounts of users’ friends info with a single prompt. Once permission was granted, apps — like Cambridge Analytica — could continue to pull data for years until either the app was deleted or when Facebook finally killed the 1.0 version of the Graph API for a more limited 2.0 version in 2015.

Included in the data that those early Graph API apps could pull was the ability to read users’ private Facebook messages through a “read_mailbox” API request.

Facebook confirmed to Wired that a relatively small number of Facebook users gave access to Messenger — only 1,500 people gave the “This Is Your Digital Life” app permission to access the data, but anyone who messaged or received messages from those 1,500 people could also potentially be impacted.

Update April 10, 2:55pm: Cambridge Analytica has denied that it had access to private message data.


This deal is getting worse all the time

Pray they don’t alter it any further

I hate the way these dramatic headlines seem to point the blame at Cambridge Analytica. 100% of the blame for any of this lies with Facebook, and Zuckerberg has basically admitted this.

Headline should read: Facebook sold access to private Facebook messages to anyone and everyone.

Technically speaking, Facebook didn’t sell the data, they gave it away for free to "academics" who promised with a pinky swear that they wouldn’t use it for profit. I’m not saying this to defend them. I actually think their handling of this (and the lack of policing of this data) makes it even worse.

I don’t know why Cambridge Analytica hasn’t just shut up at this point.

They’re not winning, they can’t win, and the insistence that they did nothing wrong is going to get them shredded in the EU.

Leave it to the EU to whip these companies in shape when they act out of line.

View All Comments
Back to top ↑