The Irish data protection regulator has announced the opening of an investigation against Facebook after posting on a hacker forum the personal data of more than 530 million users, including their phone numbers.
The Irish Data Protection Commission (DPC), the equivalent of the French CNIL, will investigate whether the American digital giant has met its obligations in terms of data control, according to a statement.
Facebook has its European headquarters in Ireland and it is therefore up to the Irish regulator to conduct the investigation for the European Union (EU).
To read also: Leak of 530 million accounts: Facebook denounces "malicious actors"
The DPC indicates that it has discussed the incident with Facebook and believes that it is possible that there may have been a breach of the EU's General Data Protection Regulation (GDPR), which the investigation will have to determine.
"
We fully cooperate with the investigation of the DPC
", reacted a spokesperson for Facebook, assuring that the functions in question, making it possible to find the users more easily, were "
frequent for many applications
" and that the group counted “
Explain the protections in place
”.
According to the GDPR, site editors must alert European data protection authorities as soon as they notice a leak.
Facebook did not, arguing that the data theft happened before the GDPR came into effect.
The DPC does not agree with this reading of the facts and therefore opens an investigation.
A file obtained without pirating
The data published last week on a hacker forum came from a leak that dates back to 2019 and which "
has been resolved
", according to the group.
Facebook denounced the method of "
scraping
", that is to say the large-scale automated aspiration of personal information left in public access on the social network (name, date of birth, place of residence, marital status ...).
This data was crossed with other information obtained through software mimicking a network functionality that helps members easily find friends by their phone numbers.
The hackers created a phone contact file with millions of phone numbers, and found which Facebook profile each number matched.
Read also: Facebook data breach: how to check if your phone number is affected
The hackers were thus able to create a mega file on 500 million users crossing Facebook profile, phone number, associated email address, and all the information left in public access.
The latter was on sale for the last two years, before being posted for free on a hacker forum in early April.
Another Instagram survey
Facebook has meshed with the DPC on other issues.
Its subsidiary, the social network Instagram, has been targeted since 2020 by an investigation in Europe concerning the processing of personal data of minor users.
The regulator opened two separate cases last month after receiving complaints that phone numbers and email addresses of young people under the age of 18 were accessible to all users on the network.
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/N6RCKQB3T5EU3NIO4BUJ4QOGOM.jpg)
