Wylie's account largely fills in the gaps from Facebook's statement. While Facebook didn't explain how many users had their data snagged by the "thisisyourdigitallife" app, the reports say it pulled private info from more than 50 million people even though they didn't know about it or consent -- an act that at the time was allowed under Facebook's rules. About 30 million of those (a number previously reported by The Intercept) contained enough information for Cambridge Analytica to match profiles with other data and complete its "psychographic" work -- learning about individuals and trying to target them with personally tailored messages.

That's the bit that causes Wylie to describe his former employer as engaging in something more like psychological warfare than simple "data analysis." Cambridge Analytica maintains that "When it subsequently became clear that the data had not been obtained by GSR in line with Facebook's terms of service, Cambridge Analytica deleted all data received from GSR." It also claims none of the data was used during the 2016 campaign, however, the NYT notes that its CEO previously said the Trump efforts drew on psychographics it had created for the Ted Cruz campaign.

As for Facebook, that company is staunchly pushing the line that this does not represent a "breach" or a "leak". Deputy General Counsel tweeted that "No systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked." In a series of now-deleted tweets, CSO Alex Stamos said the app's creator "lied" to users and Facebook about what he was using the data for, but said his use was consistent with its API at the time, and the way some APIs for contact sharing works on platforms like Android and iOS. Facebook updated last night's release with a new statement:

The claim that this is a data breach is completely false. Aleksandr Kogan requested and gained access to information from users who chose to sign up to his app, and everyone involved gave their consent. People knowingly provided their information, no systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked.

That will not be enough to avoid further scrutiny however -- according to The Guardian, the British Information Commissioner's Office and the Electoral Commission are investigating. In the US, Massachusetts attorney general Maura Healey announced her office is opening an investigation, and they probably won't be the only ones.

That's above and beyond the professor suing Cambridge Analytica in the UK to find out the full extent of the data it has acquired. David Carroll's lawsuit was filed yesterday, and a crowdfunding campaign to back the effort has already raised £30,000.