
Facebook’s lead regulator in the European Union, the Irish Data Protection Commissioner (DPC), on Wednesday commenced an investigation into a massive cyberattack on the social networking site that the company disclosed last week, Reuters reported.

Facebook announced on Friday that hackers had stolen login codes that allowed them to access nearly 50 million Facebook accounts, its worst-ever security breach given the unprecedented level of potential access.

“In particular, the investigation will examine Facebook’s compliance with its obligation under the General Data Protection Regulation (GDPR) to implement appropriate technical and organizational measures to ensure the security and safeguarding of the personal data it processes,” the DPC said in a statement quoted by Reuters.

Under the new GDPR European privacy regulations, which came into effect in May, breaking privacy laws can result in fines of up to 4 percent of global revenue or 20 million euros, whichever is higher, as opposed to a few hundred thousand euros previously.

The DPC, which regulates a number of US multinationals with European headquarters in Dublin, said Facebook had informed it that the company's internal investigation is continuing and that it continues to take remedial actions to mitigate the potential risk to users.

Facebook indicated on Tuesday that investigators had determined that the hackers did not access other sites that use the social networking site’s single sign-on.

GDPR imposes steep penalties if companies fail to follow rules that include a requirement that they disclose breaches within 72 hours of discovery. That is a tight window that security experts say does not give investigators adequate time to determine the impact of the breach.

Facebook’s latest vulnerability had existed since July 2017, but the company first identified it on Tuesday of last week.

Several months ago, Facebook said a bug in its software had changed the default setting on some users' posts to "public" without requesting their consent.

The bug was active between May 18 and 27, 2018, and may have affected up to 14 million users.

In addition, Facebook has been dealing with political disinformation campaigns from Russia and elsewhere since 2016.

Facebook has also been cracking down on terror-related content, having said in April it removed or put a warning label on 1.9 million pieces of extremist content related to the Islamic State (ISIS) or Al-Qaeda terrorist groups in the first three months of the year.