Data Protection Commission Investigates Facebook


After Facebook alerted the Data Protection Commission (DPC) that it had found hundreds of millions of user passwords stored in its internal servers in plain text format, DPC launched an investigation to determine whether the company had acted in compliance with the General Data Protection Regulation (GDPR), according to an April 25 press release.

According to its website, the DPC is the Irish supervising authority for GDPR and is the national independent authority charged with data protection rights of individuals in the EU.

“The Data Protection Commission was notified by Facebook that it had discovered that hundreds of millions of user passwords, relating to users of Facebook, Facebook Lite and Instagram, were stored by Facebook in plain text format in its internal servers. We have this week commenced a statutory inquiry in relation to this issue to determine whether Facebook has complied with its obligations under relevant provisions of the GDPR,” a statement from the DPC said.

Though a Facebook spokesperson told Business Insider, “We are working with the IDPC on their inquiry. There is no evidence that these internally stored passwords were abused or improperly accessed,” the accidental mishandling of these passwords could result in a multi-billion-dollar fine for the social media company, according to the news outlet.

The news comes only days after Facebook said it had unintentionally uploaded – without consent – the emails of 1.5 million users. Earlier this month, Infosecurity also reported that over half a billion Facebook records were leaked by third-party app developers.

Facebook announced on March 21, 2019, that it had found some passwords being stored in readable format on its internal data storage systems, and the company updated that post on April 18 to add: “Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed.”

Products You May Like

Articles You May Like

ActiveFence comes out of the shadows with $100M in funding and tech that detects online harm, now valued at $500M+
Microsoft in talks to back India’s Oyo
Coveware: Median ransomware payment down 40% in Q2 2021
Score a free month of Extra Crunch with your TC Sessions: SaaS 2021 pass
Experts Uncover Several C&C Servers Linked to WellMess Malware

Leave a Reply

Your email address will not be published. Required fields are marked *