Ireland’s Data Protection Commission have announced an inquiry into Facebook after it was notified that passwords were stored in plain text format on its internal servers.
Last month, the social network admitted to the security lapse which meant company employees could have seen the passwords of users which are usually stored in an unreadable format.
The social network warned that hundreds of millions of Facebook Lite users, a down-scaled version of the app for people with older phones or slow internet connections, as well as millions of main Facebook and Instagram users could be affected.
Facebook fixed the flaw after uncovering it January and its own investigation found no evidence that anyone outside Facebook got hold of the passwords, or that were they abused by staff internally.
A press release from the DPC reads:
“The Data Protection Commission was notified by Facebook that it had discovered that hundreds of millions of user passwords, relating to users of Facebook, Facebook Lite and Instagram, were stored by Facebook in plain text format in its internal servers. We have this week commenced a statutory inquiry in relation to this issue to determine whether Facebook has complied with its obligations under relevant provisions of the GDPR.”
Canadian privacy watchdogs are also probing lax data protection policies while the New York attorney general is scrutinising an unauthorised email collection by the social media network.