Ireland’s privacy regulator said Wednesday it has opened an investigation into Facebook after data on more than 500 million users was reportedly found dumped online, in a suspected violation of strict European Union privacy rules.
The Data Protection Commission said it decided to start investigating following “multiple international media reports” about the data dump.
News reports earlier this month said the data was found on a website for hackers and contained information on 533 million users from more than 100 countries, including names, Facebook IDs, phone numbers, locations, birthdates and email addresses.
The watchdog said it launched the investigation after it “engaged with Facebook Ireland,” questioning it about compliance with privacy rules. The company responded, the Irish agency said, suggesting it wasn’t satisfied with the answers.
Facebook said it’s “cooperating fully” with the investigation.
The company has previously downplayed the problem, saying “malicious actors” didn’t hack its systems but used automated software to scrape the data from Facebook’s platform.
The problem stemmed from a vulnerability, reported and fixed in 2019, in features that allow users to import contacts.
“These features are common to many apps and we look forward to explaining them and the protections we have put in place,” Facebook said in a statement.
Still, it’s another example of the vast amount of information collected by Facebook and other social media sites, and the limits to how secure that information is. And even though Facebook has patched the vulnerability, the user data is already out in the open and could be exploited by fraudsters.
Facebook, based in Menlo Park, California, has its European headquarters in Ireland, making that country’s watchdog its lead privacy regulator for the European Union under a system known as “one-stop shop.”
Irish regulators are already working on a dozen other investigations of Facebook and Instagram over suspected privacy breaches.
Related: Facebook Paid Out $50K for Vulnerabilities Allowing Access to Internal Systems
Related: Facebook Fails in Bid to Derail $15 Bn Privacy Suit
Related: Facebook Admits to Tracking Non-Users Across the Internet
Related: Apple to Press Ahead on Mobile Privacy, Despite Facebook Protests