Meta Hit with $101.5 Million Fine for Storing Passwords in Plain Text

0:00

Ireland’s Data Protection Commission (DPC) has levied a hefty fine of $101.5 million (€91 million) against Meta, following an exhaustive investigation into a 2019 security breach. The probe revealed that the company had inadvertently stored users’ passwords in plain text, a glaring lapse in security protocol.

Initially, Meta had announced the discovery of some user passwords stored in plain text on its servers in January 2019. However, a subsequent update revealed that millions of Instagram passwords were also stored in an easily readable format. While Meta remained tight-lipped about the exact number of affected accounts, a senior employee revealed to Krebs on Security that up to 600 million passwords were compromised. Some of these passwords had been stored in plain text since 2012, and were searchable by over 20,000 Facebook employees. The DPC has confirmed that the passwords were not accessible to external parties.

The DPC’s investigation found Meta in breach of several GDPR regulations. The company failed to notify the DPC of the personal data breach in a timely manner and did not document the breach adequately. Furthermore, Meta did not employ sufficient technical measures to safeguard user passwords against unauthorized access.

Deputy Commissioner Graham Doyle emphasized the gravity of the situation, stating, “It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from unauthorized access. The passwords in question are particularly sensitive, as they grant access to users’ social media accounts.”

In addition to the fine, the DPC has issued a reprimand to Meta. The full implications of this decision will become clearer when the commission publishes its final verdict and supporting documentation in the future.

Mariella Moon
Mariella Moon
Contributing Reporter. Mariella covers everything from consumer technology and video games to strange little robots that could operate on the human body from the inside one day. She has a special affinity for space, its technologies and its mysteries, though, and has interviewed astronauts in the past. Her work has previously appeared in other publications, including Popular Science, Entrepreneur, TechCrunch, USA Today and PCMag.

Latest stories

Ad

Related Articles

Leave a reply

Please enter your comment!
Please enter your name here
Captcha verification failed!
CAPTCHA user score failed. Please contact us!

Ad
Continue on app