Irish data watchdog launches probe into Facebook password storage as millions left exposed

Ireland’s Data Protection Commissioner is Facebook’s lead regulator in the European Union.

Image: Niall Carson

IRELAND’S DATA PROTECTION Commissioner has launched a statutory inquiry into Facebook’s password storage after the social media giant revealed that it stored millions of accounts’ passwords in plain text on its internal servers.

In March Facebook announced in a blog post that a routine security review carried out in January found the passwords were being stored in a readable format on its data storage systems.

It said it would be contacting “hundreds of millions” of users to make them aware that their password was involved in the glitch. Last week the company updated the post to say that it now estimates that the issue has also impacted “millions” of Instagram users.

A Facebook source told cyber security blog KrebsOnSecurity that more than 20,000 Facebook employees had access to the passwords.

Today the DPC announced it would be investigating whether Facebook broke EU data rules by storing users’ passwords in this manner.

As Ireland hosts Facebook’s European headquarters, the DPC is Facebook’s lead regulator in Europe under the EU’s General Data Protection Regulation (GDPR).

Facebook CEO Mark Zuckerberg outside Government Buildings on his way to meet members of the Oireachtas Communications Committee in Dublin. Source: Sam Boal

“The Data Protection Commission was notified by Facebook that it had discovered that hundreds of millions of user passwords, relating to users of Facebook, Facebook Lite and Instagram, were stored by Facebook in plain text format in its internal servers,” it said in a statement.

“We have this week commenced a statutory inquiry in relation to this issue to determine whether Facebook has complied with its obligations under relevant provisions of the GDPR.”

Earlier this year the DPC said it is conducting seven statutory inquiries into Facebook and three more into WhatsApp and Instagram. It said it expects to wrap up the first of these probes in the summer and the rest by the end of the year.

A firm found to have broken EU data processing and handling rules can be fined up to 4% of its global revenue from the prior financial year.

About the author:

Ceimin Burke
