From the screenshots it's obvious that the captured data is an HTTP form submission in facebook.
So they didn't have access to private messages, they just intercepted internet traffic and relied on it being unencrypted. Facebook didn't always enforce https by default like it does now
So they didn't have access to private messages, they just intercepted internet traffic and relied on it being unencrypted. Facebook didn't always enforce https by default like it does now