Meta fined $102 million for storing passwords in plain text

Date:

Share:


The Irish Data Protection Commission (DPC) has slapped Meta with a $101.5 million (€91 million) fine after wrapping up an investigation into a security breach in 2019, wherein the company mistakenly stored users’ passwords in plain text. Meta’s original announcement only talked about how it found some user passwords stored in plain text on its servers in January that year. But a month later, it updated its announcement to reveal that millions of Instagram passwords were also stored in easily readable format.

While Meta didn’t say how many accounts were affected, a senior employee told Krebs on Security back then that the incident involved up to 600 million passwords. Some of the passwords had been stored in easily readable format in the company’s servers since 2012. They were also reportedly searchable by over 20,000 Facebook employees, though the DPC has clarified in its decision that they were at least not made available to external parties.

The DPC found that Meta violated several GDPR rules related to the breach. It determined that the company failed to “notify the DPC of a personal data breach concerning storage of user passwords in plaintext” without undue delay and failed to “document personal data breaches concerning the storage of user passwords in plaintext.” It also said that Meta violated the GDPR by not using appropriate technical measures to ensure the security of users’ passwords against unauthorized processing.

“It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data. It must be borne in mind, that the passwords the subject of consideration in this case, are particularly sensitive, as they would enable access to users’ social media accounts,” DPC’s Deputy Commissioner, Graham Doyle, said in a statement.

The DPC has also given the company a reprimand in addition to the penalty. We may know more about what that means for Meta exactly when the commission publishes its full final decision and other related information in the future.



Source link

━ more like this

SpaceX’s holiday greetings involve a quirky rocket-engine nozzle dance

SpaceX has offered holiday greetings via a spot of synchronized rocket-engine nozzle steering. The quirky 65-second video — which includes the message: “Wishing you...

NASA’s Parker Solar Probe will fly closer to the sun than ever on Christmas Eve

NASA’s Parker Solar Probe is still zipping around the sun making history, and it’s gearing up for another record-setting approach this week. On...

Inappropriate apps rated as safe for young children are prevalent in the App Store, report warns

A new published by the child safety groups Heat Initiative and ParentsTogether Action details the alarming presence of inappropriate apps that are...

This is the GPU I’m most excited for in 2025 — and it’s not by Nvidia

Table of Contents Table of Contents Setting the pace More realistic options Better or worse? It’s all about value The next few months will completely redefine every ranking of...

Apple’s next AirPods Pro could offer heart rate and temperature monitoring

Apple is working on the next generation of AirPods Pro, and they may come packing some new health features, according to Bloomberg’s Mark...
spot_img