Yahoo Finance Irish watchdog launches inquiry into Facebook passwords breach
Ireland’s data protection watchdog said on Thursday that it had opened an investigation into Facebook after the social media giant said that hundreds of millions of passwords were not stored securely on its servers.
The Irish Data Protection Commission said that it had been notified by the company that the passwords, relating to Facebook, Facebook Lite, and Instagram, “were stored by Facebook in plain text format in its internal servers.”
While best security practice requires passwords to be encrypted, Facebook acknowledged in March that a bug in its systems resulted in hundreds of millions of passwords being stored on its servers in human-readable form. This meant that thousands of employees could have searched for the passwords.
“We have this week commenced a statutory inquiry in relation to this issue to determine whether Facebook has complied with its obligations under relevant provisions of the GDPR,” the commission said in a statement.
For its part, Facebook said it had found “no evidence” that “anyone internally abused or improperly accessed” the passwords.
“As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems,” Pedro Canahuati, Facebook’s vice president of engineering, security, and privacy said in March.
The Irish Data Protection Commission is considered to be Europe’s most important data watchdog, as the European headquarters of several social media giants are based in the country.
In February, the commission said that there were seven similar ongoing inquiries into Facebook, including one in relation to a breach that made at least 50 million user accounts vulnerable to hackers.
GDPR, the European Union’s data protection regulation, came into force in 2018. Under the regulation, companies could be hit with fines of up to 4% of global turnover — meaning that Facebook might face billions of euro in fines for these breaches.
