The Data Protection Commission says it has been contacted by Facebook after it emerged that millions of users have had their passwords improperly secured.
The social media site has known since January that millions of users' passwords were stored in a readable format on its systems.
Facebook says anyone affected will be notified but it assured there is no evidence any of its employees abused the passwords.
The DPC says it is currently seeking further information about the matter.
Passwords are usually masked in an unreadable format but the social network has admitted hundreds of millions of Facebook Lite users, tens of millions of other Facebook users and tens of thousands of Instagram users may have been affected by the error.
The company said it has fixed the issue since uncovering it but the development will still come as a blow.
Facebook is already dealing with a deluge of problems, most recently its handling of live streams following the Christchurch mosque attack and its response to removing videos.
An investigation carried out by the social network showed no evidence that anyone outside Facebook got hold of the passwords, nor were they abused by staff internally, the firm wrote in a blog post.
Pedro Canahuati, Facebook's vice-president for engineering, security and privacy, said: "As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems.
We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way.
The announcement is the latest in a string of headaches for Facebook chief executive Mark Zuckerberg in recent years, including rampant misinformation spread on the network, breaches of user data and allegations of political manipulation.
In October, Facebook revealed millions of email addresses, phone numbers and other personal user information were compromised during a security breach, affecting as many as 50 million accounts.
Concerned users are being urged to change their password and consider enabling additional security measures such as a security key or two-factor authentication.
PA & Digital Desk