Your personal Facebook messages may also have been shared

Facebook has quietly revealed that its huge data sharing snafu with Cambridge Analytica might have seen users personal messages shared with the firm, an unpleasant side-effect of its old third-party app settings. The social network finds itself under siege, with Mark Zuckerberg appearing in front of the US Congress today to explain exactly what went wrong and allowed data on millions of users to be so widely shared.

At the heart of the controversy is the way in which Facebook handled its data API for third-party apps. In an earlier version of that API, app-makers had wide-ranging access to a variety of data from the users of their games, surveys, and other tools. However, and in accordance with what was Facebook policy at the time, they'd also get access to data about the friends of those users.

Because of that, even though only a few hundred thousand people used the "This Is Your Digital Life" app, it was nonetheless able to collect information on what Facebook now says could be up to 87m of its registered members. That cache of data was then passed by the app's creator to Cambridge Analytica, the controversial firm that worked with the Trump campaign in the 2016 US presidential election. Cambridge Analytica has been accused of using personal data shared by Facebook users to target ad campaigns in the run up to the election.

As promised, Facebook released a tool today that reveals if you were affected by the Cambridge Analytica situation. Since the "This Is Your Digital Life" app was able to extract data about individuals even if they themselves didn't use the app, it flags whether a friend was responsible for inadvertently sharing your information. That, however, has another nasty surprise.

If a friend logged into the app, the warning you'll likely see is that your public profile, Page likes, date of birth, and current city were shared. "A small number of people who logged into "This Is Your Digital Life" also shared their own News Feed, timeline, posts and messages which may have included posts and messages from you," Facebook adds.

Unfortunately, there's no indication of whether or not that actually happened: Facebook's new tool doesn't explicitly lay out whether your friends who logged into the app also gave those extended permissions. It's worth noting that, even if they did, it's not the case that your entire message history on Facebook has been shared. Specifically, it's just those messages you exchanged with the person who used the "This Is Your Digital Life" app.

Even so, it's unlikely to give lawmakers any greater sympathy with Facebook. The social network already faces calls from some quarters to increase regulation, applying tougher legal limits around what can be shared and what the penalties might be for data being shared without explicit user permission first being sought. The US FTC has confirmed it's opening an investigation into Facebook; meanwhile, come late May new, significantly tougher privacy regulations come into effect in Europe.