The Cambridge Analytica scandal continues to grow, over at Facebook. Today, the company began sending out notifications on the home page (once you logged in) telling users that a friend of theirs have used the app 'This Is Your Digital Life' which gave Cambridge Analytica access to all kinds of data. And buried deep in the disclosures was a tidbit about the fact that this app may have gotten messages sent between you and that person. So this means that many Facebook Messenger messages were harvested as well, but not everyone that uses Facebook. The company has not yet said how many messages were collected though.
This happened because the app had requested access to Facebook Messenger by using the read_mailbox permission with the app. This is why it's important to read through permissions for apps and services before you allow permission for them. Facebook says that this permission was phased out in April 2015. So if both people had downloaded the same app, then the mailbox permission would have worked, but it was deprecated in October. So theoretically, as long as you are updating your apps, it should not have picked up your messages. This is a permission that users would have had to give to the app, though they are also bundled up with a ton of other permissions that many people just click 'allow' or 'ok' on and get on with the app.
Currently, Facebook's CEO, Mark Zuckerberg is on Capital Hill testifying before the US Congress today and tomorrow about this issue. Around 87 million users were affected by this data harvesting of Cambridge Analytica, which is no small number, and it definitely grabbed the attention of Congress as it should. It's unclear what will happen with Facebook, whether it'll be regulated in the near future or not. But it's clear that Facebook does have plenty of changes that need to be made. Starting with the permissions that apps are allowed to ask for from users.