If you thought the torrent of Cambridge Analytica revelations might finally be coming to an end, we have bad news for you. Earlier this week, notifications began appearing at the top of News Feeds to let users know if they used the This Is Your Digital Life quiz app, which is the app that allowed the data firm to harvest information from up to 87 million users. As it turns out, the app also asked for permission to access private messages.
“A small number of people who logged into ‘This Is Your Digital Life’ also shared their own News Feed, timeline, posts and messages which may have included posts and messages from you,” Facebook said in a missable note.
Everyone received this warning because even if you never actually used the Cambridge Analytica app, any messages you exchanged with a friend who did could potentially be seen by the data firm. Facebook confirmed to Wired that the app requested access to the inbox using the “read_mailbox” permission. That may sound suspicious, but in practice, “messages” would have just been included in a list of bullet points alongside wall posts, contacts and other benign permissions that virtually every app on the planet asks for when connecting to Facebook.
Facebook tells Wired that 1,500 users granted This Is Your Digital Life permission to read their private messages, but anyone who sent or received messages to or from those 1,500 users could potentially be affected as well.
For what it’s worth, Cambridge Analytica denies accessing private messages at all: “GSR did not share the content of any private messages with Cambridge Analytica or SCL Elections. Neither company has ever handled such data.”
Regardless of whether or not Cambridge Analytica did actually access our private messages, the fact that Facebook is only now letting users know that their intimate conversations may have been read by a data firm they unwittingly gave access to their inboxes will make the recovery even more difficult for the company.