We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Niall Carson
plain text

Irish data watchdog launches probe into Facebook password storage as millions left exposed

Ireland’s Data Protection Commissioner is Facebook’s lead regulator in the European Union.

IRELAND’S DATA PROTECTION Commissioner has launched a statutory inquiry into Facebook’s password storage after the social media giant revealed that it stored millions of accounts’ passwords in plain text on its internal servers.

In March Facebook announced in a blog post that a routine security review carried out in January found the passwords were being stored in a readable format on its data storage systems.

It said it would be contacting “hundreds of millions” of users to make them aware that their password was involved in the glitch. Last week the company updated the post to say that it now estimates that the issue has also impacted “millions” of Instagram users.

A Facebook source told cyber security blog KrebsOnSecurity that more than 20,000 Facebook employees had access to the passwords.

Today the DPC announced it would be investigating whether Facebook broke EU data rules by storing users’ passwords in this manner.

As Ireland hosts Facebook’s European headquarters, under the EU’s General Data Protection Regulation’s (GDPR) the DPC is Facebook’s lead regulator in Europe.

facebook 869_90567861 Facebook CEO Mark Zuckerberg outside Government Buildings on his way to meet members of the Oireachtas Communications Committee in Dublin. Sam Boal Sam Boal

“The Data Protection Commission was notified by Facebook that it had discovered that hundreds of millions of user passwords, relating to users of Facebook, Facebook Lite and Instagram, were stored by Facebook in plain text format in its internal servers,” it said in  a statement.

We have this week commenced a statutory inquiry in relation to this issue to determine whether Facebook has complied with its obligations under relevant provisions of the GDPR. 

Earlier this year the DPC said it is conducting seven statutory inquiries into Facebook and three-more into Whatsapp and Instagram. It said it expects to wrap up the first of these probes in the summer and the rest by the end of the year.

A firm found to have broken EU data processing and handling rules can be fined up to 4% of their global revenue from the prior financial year.

Your Voice
Readers Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel