The breach was reported by Meta Platforms Ireland Limited (MPIL) in September 2018. It impacted data including full names, email addresses, phone numbers, posts on timeliness and groups of which the user was a member, according to a statement by the watchdog Tuesday. Around three million of the users impacted were based in the European Union and European Economic Area, the statement added.
The breach arose from the exploitation by unauthorised third parties of user tokens on Facebook, the statement added. It was remedied by MPIL and its US parent company shortly after its discovery, it added.
“We took immediate action to fix the problem as soon as it was identified, and we proactively informed people impacted as well as the Irish Data Protection Commission. We have a wide range of industry-leading measures in place to protect people across our platforms,” a Meta company representative said in an emailed statement.
Ireland’s watchdog already chided the platform this year, slapping it with a €91 million fine in September over an investigation into password storing by the company.