The Irish Data Protection Commission (DPC) has started an investigation into Facebook's latest revelation claiming a security breach that may have affected nearly 50 million accounts.
Facebook had on Friday revealed a security breach that affected the accounts of as many as 50 million users. Facebook claimed its engineers discovered the breach on September 25, with the attackers exploiting vulnerability in its code that affected the 'View As' feature. The feature allows users to view their profile the way it appears to others. The breach allowed the attackers to steal Facebook 'access tokens', which essentially are like digital keys and keeps a user logged in, eliminating the need to log in every time the app is used. The access tokens can be used to hijack other accounts, Facebook said.
In a statement DPC said, "The Irish Data Protection Commission has commenced an investigation under Section 110 of the Data Protection Act 2018 into the Facebook data breach for which the notification was received by the DPC. In particular, the investigation will examine Facebook's compliance with its obligation under the General Data Protection Regulation to implement appropriate technical and organisational measures to ensure the security and safeguarding of the personal data in process," the Irish watchdog said in a statement.
It added that Facebook has informed DPC that its internal investigation is continuing and that the company continues to take remedial actions to mitigate the potential risk to users.
DPC, Ireland's independent supervisory authority for data protection, had earlier said that the number of potentially affected European Union accounts is less than 10% of the 50 million accounts in total potentially affected by the security breach.