Since the Cambridge Analytica Facebook data scandal, the number one question I’ve been asked is, “What Facebook data did they get?” The second most popular question is, “What did Cambridge Analytica do with it?” Let’s review:

What We’ve Been Told

According to Mark Zuckerberg, “In 2013, a Cambridge University researcher named Aleksandr Kogan created a personality quiz app. It was installed by around 300,000 people who shared their data as well as some of their friends’ data. Given the way our platform worked at the time this meant Kogan was able to access tens of millions of their friends’ data. Later in the same post, Zuckerberg claims that the issue surfaced again in 2015 and Facebook took action (perhaps not enough action) to bring the offending company into compliance with Facebook policies.

What Facebook Data Did They Get?

The full answer to this question will come out in the upcoming investigations and legal proceedings. But we can make a pretty good guess at what data Cambridge Analytica obtained by looking at the endpoints of Facebook’s Graph API v1.0 (application programming interface) which launched April 21, 2010, and wasn’t fully closed down until April 30, 2015.

Using Facebook’s Graph API v1.0, developers had unfettered access to almost all of your public-facing profile data, including:

The heart of the scandal focuses on one of the API’s permissions groups called “Extended Profile Properties.” These endpoints provided access to data about your friends that your friends may not have explicitly granted permission for Facebook to expose, specifically: