Latest in Gear

Image credit: Engadget

Cambridge Analytica might have accessed private Facebook messages (updated)

1,500 people gave permission, but that could affect many more users.
443 Shares
Share
Tweet
Share
Save

Sponsored Links

Engadget

Facebook just began notifying people if their information was accessed by Cambridge Analytica yesterday. Soon after, the social media company created a Help Center page that you can check to see if you were one of the affected members who logged into quiz app This Is Your Digital Life. Apparently, doing so not only shared your News Feed, timeline and posts, but also your private messages.

Facebook confirmed to Wired that the app used a read_mailbox permission, which, unlike other sensitive permissions that Facebook phased out in April of 2015, didn't fully deprecate until October of that same year.

Wired reports that while users would have needed to give their permission for the app (and hence Cambridge Analytica) to access their message inboxes, the request would have likely been hidden in with a bunch of other permission requests, which users may have missed when "agreeing" to share their data. Facebook says that a total of 1,500 people gave This Is Your Digital Life permission, though the total of actual users affected is unknown. The problem goes beyond those that granted permission to share; if you in some way messaged with any of those users, you might be also impacted.

Update 4/10/18 2:26 PM ET: Cambridge Analytica tweeted that it hasn't "handled such data" and that GSR (Global Science Research, the research company that obtained data for CA) did not share any private messages with it or SCL Elections.

A Facebook spokesperson reached out and told us:

"In 2014, Facebook's platform policy allowed developers to request mailbox permissions but only if the person explicitly gave consent for this to happen. At the time when people provided access to their mailboxes -- when Facebook messages were more of an inbox and less of a real-time messaging service - this enabled things like desktop apps that combined Facebook messages with messages from other services like SMS so that a person could access their messages all in one place. According to our records only a very small number of people explicitly opted into sharing this information. The feature was turned off in 2015."

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
443 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget’s guide to Home Entertainment

Engadget’s guide to Home Entertainment

View
Logitech unveils its first mouse and keyboard built for Chrome OS

Logitech unveils its first mouse and keyboard built for Chrome OS

View
'Control' will let you photograph its beautiful Brutalist setting

'Control' will let you photograph its beautiful Brutalist setting

View
Google's Daydream VR experiment is over

Google's Daydream VR experiment is over

View
Here's everything Google announced at the Pixel 4 event

Here's everything Google announced at the Pixel 4 event

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr