In another shocking disclosure, Facebook has revealed that Cambridge Analytica, which accessed 87 million users’ data, could also have accessed the private inbox messages of some of those affected. Facebook slipped this previously undisclosed detail into the notifications that began appearing at the top of News Feeds on Monday. These alerts let users know whether they or their friends had downloaded a personality quiz app called This Is Your Digital Life, which would have caused their data to be collected and potentially passed on to Cambridge Analytica.
A researcher named Jonathan Albright found the vulnerability in the first version of Facebook’s Graph API, which apparently allowed apps to extract huge amounts of data on a user’s friends.
The researcher said: “the vulnerability dates back to the first version of Facebook’s Graph API, which allowed apps to request massive amounts of users’ friends info with a single prompt. Once permission was granted, apps — like Cambridge Analytica — could continue to pull data for years until either the app was deleted or when Facebook finally killed the 1.0 version of the Graph API for a more limited 2.0 version in 2015.”
Among the things those early Graph API apps could do was read users’ private Facebook messages through a “read_mailbox” API request.
The disclosure issued by Facebook to victims read: “A small number of people who logged into ‘This Is Your Digital Life’ also shared their own News Feed, timeline, posts and messages which may have included posts and messages from you.”
Cambridge Analytica, however, has denied the allegations that it could access users’ private messages from Facebook.