The latest data breach was reported to have exposed the data of at least 50 million user accounts, reported the Wall Street Journal.
The data breach is a major black eye for the social network, as it impacted users who used the site’s popular “View As” feature, a privacy tool that lets users see how their Facebook profile page appears to visitors, including people who they are not ‘friends’ with on the site.
The Journal reported that Facebook’s lead European privacy regulator, Ireland’s Data Protection Commission (DPC) wants more details from the social network about the data breach’s scope, which includes information on EU users that were impacted. In an e-mail to the Journal, the DPC said that it is “concerned at the fact that this breach was discovered on Tuesday and affects many millions of user accounts but Facebook is unable to clarify the nature of the breach and the risk for users at this point.”
The DPC also posted this on its Twitter account:
.@DPCIreland is awaiting from Facebook further urgent details of the security breach impacting some 50m users, including details of EU users which have been affected, so that we can properly assess the nature of the breach and risk to users. #dataprotection #GDPR #eudatap https://t.co/3oM3BSaSBS
— Data Protection Commission Ireland (@DPCIreland) September 30, 2018
Facebook insisted that users’ passwords were not revealed in the data breach, though impacted accounts did have to re-log into the social network on Friday. In response to the Journal’s report, a Facebook spokeswoman stated on Sunday that the company will answer the DPC’s questions, as well as provide regulators with further updates.
This is all set to be a continual issue for Facebook, as Europe’s General Data Protection Regulation is much more stringent than standard US privacy requirements.