The Irish Data Protection Commission (DPC) has fined Meta €91 million ($101.56 million) as part of a probe into a security lapse in March 2019, when the company disclosed that it had mistakenly stored users’ passwords in plaintext in its systems.
The investigation, launched by the DPC the next month, found that the social media giant violated four different articles under the European Union’s General Data Protection Regulation (GDPR).
To that end, the DPC faulted Meta for failing to promptly notify the DPC of the data breach, document personal data breaches concerning the storage of user passwords in plaintext, and utilize proper technical measures to ensure the confidentiality of users’ passwords.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
Meta originally revealed that the privacy transgression led to the exposure of a subset of users’ Facebook passwords in plaintext, although it noted that there was no evidence it was improperly accessed or abused internally.
According to Krebs on Security, some of these passwords date back to 2012, with a senior employee stating “some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plaintext user passwords.”
A month later, the company acknowledged that millions of Instagram passwords were also stored in a similar manner, and that it’s notifying affected users.
“It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data,” Graham Doyle, deputy commissioner at the DPC, said in a press statement.
“It must be borne in mind that the passwords, the subject of consideration in this case, are particularly sensitive, as they would enable access to users’ social media accounts.”
In a statement shared with Associated Press, Meta said it took “immediate action” to fix the error, and that it “proactively flagged this issue” to the DPC.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
Crypto Scam App Disguised as WalletConnect Steals $70K in Five-Month Campaign