Facebook has confirmed that private messages were included in data involved in the Cambridge Analytica scandal.
The social network said that about 0.5% of the 305,000 people who installed a personal data-harvesting app had given permission for it to access their Facebook inboxes.
However, many more would have been affected as the haul would have included conversations with others.
It is not clear whether the messages were given to Cambridge Analytica.
The political consultancy has yet to comment on the latest development.
Image copyright Facebook Image caption Facebook is sending messages to members it believes could have had data shared with Cambridge Analytica
That figure includes both those who took Mr Kogan’s test as well as their friends, whose personal records the app also had access to. Cambridge Analytica has said it only obtained data on about 30 million US citizens.
Facebook’s alerts included the warning: “A small number of people who logged into This Is Your Digital Life also shared their own… messages from you.”
Carole Cadwalladr – the Observer journalist whose investigation helped plunge Facebook into the current crisis – was among the first to pick up on the implication.
This is new & important. @chrisinsilico said that he had seen a table produced by Kogan that included private messages. But we had to be circumspect about this. Now confirmed by @facebook. https://t.co/nE18OfgqG0
— Carole Cadwalladr (@carolecadwalla) April 10, 2018
The BBC understands that Facebook does not believe that any of the 1,500 users involved had also given access to their SMS texts, despite the fact that there used to be ways to group all one’s messages together in one place.
The latest revelation came hours before Facebook’s chief executive Mark Zuckerberg was due to testify before the US Senate Commerce and Judiciary committees in Washington.
He is also due to be questioned by the House Congressional Testimony on Wednesday.
Ahead of his appearance, Facebook announced it would begin paying bounties to those who reported misuses of members’ data by app developers.
“This programme will reward people with first-hand knowledge and proof of cases where a Facebook platform app collects and transfers people’s data to another party to be sold, stolen or used for scams or political influence,” it said.
Just spoke to Facebook about its new data abuse bounty programme:
– There’s no upper limit, though expect “big” revelations to get around $40,000, as per bug bounty programme
– Recipients of the bounty are free to go to the press once it is resolved
— Dave Lee (@DaveLeeBBC) April 10, 2018