Facebook began to help users determine whether or not they were affected by the Cambridge Analytica scandal, and the company's notification details the fact that Facebook users could also have leaked their private messages to Cambridge Analytica .
As noted by researcher Jonathan Albright, the vulnerability dates back to the first version of Facebook's Graph API, which allowed applications to request massive amounts of information from users' friends with a single message. Once permission was granted, applications, such as Cambridge Analytica, could continue to extract data for years until the application was removed or when Facebook finally removed version 1.0 of the Graph API for a more limited version 2.0 in 2015.
Included in the data that the first Graph API applications could obtain was the ability to read users' private Facebook messages through an API request "read_mailbox".
Facebook confirmed to Wired that a relatively small number of Facebook users gave access to Messenger: only 1,500 people gave permission to the application "This Is Your Digital Life" to access the data, but anyone who sends messages to those 1,500 people also I could be shocked