Your Facebook messages might also be at risk in data scandal

I've been so smug.

Years of denying apps and games access to my Facebook account seemed to have paid off. Last week when I checked just how many apps have access to my account, the grand total came to five, including Spotify, CBS Sports and Bitmoji for Messenger.

Just maybe I'd escaped being one of the legions of Facebook users whose data was ill-gotten and misused.

But there's another twist in this saga of who has your Facebook data and how they got it, showing there's room for this scandal to deepen.

In case it's gotten by you, Facebook CEO Mark Zuckerberg is in Washington on Tuesday and Wednesday to answer questions from Congress about how digital consultancy Cambridge Analytica improperly accessed data from about 87 million Facebook users -- and more broadly, what the world's largest social network is doing to safeguard your privacy and to fend off other issues, like election meddling.

Like me, you might have gotten a notification from Facebook on Monday or Tuesday telling you that either you or one of your friends at some point logged in to This Is Your Digital Life via Facebook. That's the quiz that led to the leaking of all that data from all those users.

Watch this: Zuckerberg to Congress: 'It was my mistake, and I'm sorry'

01:25

In my case, it's some unknown so-called friend. Lucky for them, I don't know who, otherwise they'd be getting a FaceTime call from their friendly neighborhood tech journalist in an unusually sour mood.

Apart from bringing on a vague sense of betrayal, the notification also contained an unsettling little detail: "A small number of people who logged into 'This Digital Life' also shared their own News Feed, timeline, posts and messages which maybe have included posts and messages from you."

So someone might also have my DMs?

Update, 12:25 p.m. PT: A Facebook spokesperson confirmed to Wired that the quiz asked for permission to read messages in Facebook users' inboxes, and so Cambridge Analytica may indeed have had access to people's private messages if they took the quiz, or if they sent or received messages from a Facebook friend who did.

Here's Facebook's statement on the matter:

"In 2014, Facebook's platform policy allowed developers to request mailbox permissions but only if the person explicitly gave consent for this to happen. At the time when people provided access to their mailboxes - when Facebook messages were more of an inbox and less of a real-time messaging service - this enabled things like desktop apps that combined Facebook messages with messages from other services like SMS so that a person could access their messages all in one place. According to our records only a very small number of people explicitly opted into sharing this information. The feature was turned off in 2015."

Original story continues:   

Normally, I'm a fan of self-reflection. Seven in the morning is not when I'd prefer to mentally riffle back through years of Facebook messages between friends, roommates, co-workers and classmates, wondering if I said anything so unforgivably dumb it could come back to haunt me.

Despite my best efforts, it turns out the safety of my data has been in part at the mercy of my friends. What's more, the tentacles on this scandal reach further and further into our Facebook lives. After all, in college I might've figured that gripes about professors and all those relationship counseling sessions conducted via Messenger would stay between friends as long as I kept all my permissions under control.

These days, backbiting is probably best left to in-person meetings (after you've given your listener a swift pat-down).

Cambridge Analytica: Everything you need to know about Facebook's data mining scandal.

Blockchain Decoded:  CNET looks at the tech powering bitcoin -- and soon, too, a myriad of services that will change your life.