Meta fined $102 million: User passwords are at risk
Meta was fined a large amount for carelessly storing user passwords, which compromised the security of millions of social media accounts.
Violation of data storage rules
The Irish Data Protection Commission (DPC) sanctioned Meta, imposing a fine of $101.5 million due to failure to comply with security protocols when storing user passwords.
Problem detection
At the beginning of 2019, a serious vulnerability was identified: some user passwords were stored on the company’s servers in unencrypted form. Later it turned out that this problem also affected a significant number of Instagram user passwords.
Scope of incident
According to information provided by a senior Meta employee to Krebs on Security, the incident may have affected approximately 600 million passwords. Some of them have been stored without encryption since 2012. More than 20,000 Facebook employees had access to this data, although the DPC confirmed that no outside parties had access to the passwords.
GDPR Violations
The Commission found that Meta violated a number of provisions of the General Data Protection Regulation (GDPR). The company did not notify DPC of the personal data breach in a timely manner, did not properly document the incident, and did not take adequate technical measures to protect user passwords from unauthorized access.
The importance of securely storing passwords
DPC Deputy Commissioner Graham Doyle highlighted the critical importance of storing passwords properly:
“It is generally accepted that user passwords should not be stored in clear text due to the risk of abuse. It is important to note that the passwords at issue in this case are particularly sensitive as they provide access to users' social media accounts.”
Consequences for Meta
In addition to the large fine, the DPC also issued a reprimand to the company. The commission plans to publish full information about the decision and related details in the near future.
Glossary
- Meta - an American technology company that owns the social networks Facebook and Instagram
- DPC - Irish Data Protection Commission, data protection regulator
- GDPR - General Data Protection Regulation, the European Union law on the protection of personal data
- Instagram - a popular social network for sharing photos and videos
- Facebook - the world's largest social network
Links
- Krebs on Security: Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years
- Engadget: Meta fined $102 million for storing passwords in plain text
Discussion of the topic – Meta fined $102 million: User passwords are at risk
Olivia
Wow, $101.5 million! This is a huge fine for Meta. I wonder how this will affect their work in the future? 🤔
Hans
Yes, Olivia, this is a serious blow to your reputation. But what worries me more is that the passwords have been stored in clear text since 2012. This is simply unacceptable for such a large company! 😡
Sophie
Hans, I agree. I work in IT, and even in small companies we encrypt passwords. I can't believe Meta was so careless about user safety! 😱
Giovanni
But I’m thinking, maybe this is a good reason to reconsider your passwords and enable two-factor authentication wherever possible? 🔐
Viktor
It's all nonsense. Fines, passwords... It would be better not to use these social networks at all. You're just wasting your time and wasting your personal data.
Olivia
Giovanni, great idea! I was just about to update my passwords. As for two-factor authentication, it really is a must-have nowadays. 👍
Hans
Viktor, I understand your concern, but it’s difficult to completely abandon social networks now. Maybe we should just be more careful with what we publish? 🤷‍♂️
Sophie
Do you know what surprises me? 20,000 employees had access to this data! This is a huge number of people. How could such a situation be allowed to happen? 😮