Irish privacy regulator probing Facebook exposing millions of passwords

Irish privacy regulator probing Facebook exposing millions of passwords
© Getty Images

Ireland's privacy regulator on Thursday announced that it is probing Facebook's recent announcement that "hundreds of millions" of user passwords were exposed within the company's internal servers for years.

The Irish Data Protection Commission (IDPC) said it has initiated a "statutory inquiry" into whether Facebook violated the European Union's sweeping data rules, called the General Data Protection Regulation (GDPR), by allowing the passwords to be stored in a format that employees could search through.  

ADVERTISEMENT

"The Data Protection Commission was notified by Facebook that it had discovered that hundreds of millions of user passwords, relating to users of Facebook, Facebook Lite and Instagram, were stored by Facebook in plain text format in its internal servers," the IDPC said in a statement.

"We have this week commenced a statutory inquiry in relation to this issue to determine whether Facebook has complied with its obligations under relevant provisions of the GDPR," the regulator added.

The inquiry comes weeks after Facebook said in a blog post that hundreds of millions of users' passwords had been stored in unprotected plain text accessible by the company's employees. It later added that millions of Instagram passwords had been stored this way. 

Facebook in a statement on Thursday emphasized that it has not seen evidence that the passwords were "abused or improperly accessed.”

“We are working with the IDPC on their inquiry," a Facebook spokesperson said.

The IDPC has 10 other ongoing investigations into Facebook and its various platforms seeking to identify whether the tech giant is complying with the GDPR, a set of strict data privacy rules that went into effect in May of last year. 

Thursday brought headaches for Facebook around the world, as Canada's federal privacy watchdog also announced that it hopes to bring Facebook to court after concluding in an investigation that Facebook broke multiple privacy laws. 

And in the U.S., Facebook on Wednesday revealed that it has been expecting a fine between $3 billion and $5 billion from the Federal Trade Commission, which is investigating whether Facebook misled users about what it was doing with their data.

--This report was updated at 11:56 a.m.