Meta, which came to the fore in 2014 with the ‘Facebook-Cambridge Analytica data scandal’, perhaps one of the biggest data breach incidents in history, apparently has not learned its lesson about data breaches. The company has now been ordered to pay a $100 million fine for storing users’ passwords in plain text. Here’s what you need to know…
Meta stored your passwords in plain text!
The Irish Data Protection Commission (DPC) has fined Meta $101.5 million (€91 million). The reason for the fine is a security breach in 2019 in which user passwords were stored in plain text.
In January, Meta announced that some user passwords had been stored on its servers in plain text. A month later, however, it had to announce that millions of Instagram passwords had also been stored in an easily readable format.
While Meta did not disclose the number of affected accounts, a senior employee told Krebs on Security that the incident may have compromised up to 600 million passwords. Some passwords had allegedly been stored in an easily readable format since 2012 and were searchable by more than 2,000 Facebook employees. However, the DPC stated that this information was at least not made available to outside parties.
The DPC found that Meta violated GDPR rules in several respects. The company faced accusations of ‘failing to notify the DPC without undue delay of a personal data breach related to the storage of user passwords in plain text’ and ‘failing to document personal data breaches related to the storage of user passwords in plain text’.
Meta was also accused of failing to take appropriate technical measures to secure user passwords against unauthorised processing.
In addition to the fine, the DPC also issued the company a reprimand. What exactly this will mean for Meta will become clearer when the commission publishes its final decision and other relevant information in the future.