The Irish Data Protection Commission (DPC) has fined Meta $101.5 million. The penalty was imposed for violations of the rules governing the storage of user passwords.
The issue was discovered in January 2019 when it became clear that some user passwords were stored on the company's servers in plain text. Subsequently, Meta reported that the problem also affected millions of Instagram user passwords.
According to data provided by a senior company official to Krebs on Security, the incident could have affected up to 600 million passwords. Some of these had been stored in an unencrypted format since 2012. Over 20,000 Facebook employees had access to this data, although the DPC confirmed that external parties did not gain access to the passwords.
The commission determined that Meta violated several rules of the General Data Protection Regulation (GDPR). The company failed to notify the DPC about the data leak in a timely manner, did not properly document the incident, and did not take appropriate technical measures to protect user passwords from unauthorized access.
Deputy Commissioner of the DPC, Graham Doyle, emphasized the importance of proper password storage:
“It is widely recognized that user passwords should not be stored in plaintext due to the risks of misuse. It should be noted that the passwords in this case are particularly sensitive, as they provide access to users' social media accounts.”
In addition to the fine, the DPC also issued a reprimand to the company. The commission plans to publish detailed information about the decision and related matters later.
Source: Engadget