Ireland’s privacy regulator says it’s investigating Facebook over the social media giant’s recent revelation that it had left hundreds of millions of user passwords exposed.
The Irish Data Protection Commission said Thursday that it opened a statutory inquiry this week into Facebook after the company notified it about the security lapse.
The company said last month that it had inadvertently stored passwords for users of Facebook, Facebook Lite and Instagram in plain text, making it possible for employees to search them.
Facebook said it is working with the commission on the inquiry.
“There is no evidence that these internally stored passwords were abused or improperly accessed,” the company said in a statement.
Facebook has said it fixed the problem and planned to notify millions of Facebook and Instagram users and “hundreds of millions” of users of Facebook Lite, which is primarily used in developing countries.
It’s the latest regulatory headache for Facebook and CEO Mark Zuckerberg, who has promised to turn the company into a “privacy focused platform.”
The Irish commission, which is Facebook’s lead privacy regulator for Europe, already has 10 other investigations under way into the company and its subsidiaries over whether it’s complying with European data protection rules.
Facebook said Wednesday it expects to be fined at least $3 billion by the U.S. Federal Trade Commission, which is investigating whether the social network violated users’ privacy. It also faces other probes in the U.S. and Europe, including in Belgium and Germany.