Today, the data protection watchdog of Ireland said that it had launched a probe into Facebook after the social media giant revealed that hundreds of millions of passwords were not securely stored on its servers.
The Irish Data Protection Commission disclosed that the firm had notified it that passwords related to Facebook, Facebook Lite, and Instagram “were stored by Facebook in plain text format in its internal servers.”
While best security practice demands that passwords be encrypted, last March Facebook acknowledged that a bug in its systems resulted in hundreds of millions of passwords being stored on its servers in human-readable form. This meant that thousands of employees could have searched for the passwords.
In a statement, the commission said: “We have this week commenced a statutory inquiry in relation to this issue to determine whether Facebook has complied with its obligations under relevant provisions of the GDPR.”
For its part, Facebook said that it had discovered “no evidence” that “anyone internally abused or improperly accessed” the exposed passwords.
Last March, Facebook’s vice president of engineering, security, and privacy, Pedro Canahuati, stated: “As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems.”
The Irish Data Protection Commission is considered Europe's most important data watchdog, as the European headquarters of various social media giants are based in the country.
Last February, the commission disclosed that there were seven similar ongoing investigations into Facebook, including one that is related to a breach that made at least 50 million user accounts vulnerable to hackers.
The European Union's data protection regulation, GDPR, came into force last year. Under the regulation, firms can be fined up to 4 percent of their global turnover, meaning that Facebook may face billions of euro in fines for the said breaches.