info@thehackernews.com (The Hacker News)
2024-09-30 02:12:00
thehackernews.com
The Irish Data Protection Commission (DPC) has fined Meta €91 million ($101.56 million) as part of a probe into a security lapse in March 2019, when the company disclosed that it had mistakenly stored users’ passwords in plaintext in its systems.
The investigation, launched by the DPC the next month, found that the social media giant violated four different articles under the European Union’s General Data Protection Regulation (GDPR).
To that end, the DPC faulted Meta for failing to promptly notify the DPC of the data breach, document personal data breaches concerning the storage of user passwords in plaintext, and utilize proper technical measures to ensure the confidentiality of users’ passwords.
Meta originally revealed that the privacy transgression led to the exposure of a subset of users’ Facebook passwords in plaintext, although it noted that there was no evidence it was improperly accessed or abused internally.
According to Krebs on Security, some of these passwords date back to 2012, with a senior employee stating “some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plaintext user passwords.”
A month later, the company acknowledged that millions of Instagram passwords were also stored in a similar manner, and that it’s notifying affected users.
“It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data,” Graham Doyle, deputy commissioner at the DPC, said in a press statement.
“It must be borne in mind that the passwords, the subject of consideration in this case, are particularly sensitive, as they would enable access to users’ social media accounts.”
In a statement shared with Associated Press, Meta said it took “immediate action” to fix the error, and that it “proactively flagged this issue” to the DPC.
Support Techcratic
If you find value in Techcratic’s insights and articles, consider supporting us with Bitcoin. Your support helps me, as a solo operator, continue delivering high-quality content while managing all the technical aspects, from server maintenance to blog writing, future updates, and improvements. Support Innovation! Thank you.
Bitcoin Address:
bc1qlszw7elx2qahjwvaryh0tkgg8y68enw30gpvge
Please verify this address before sending funds.
Bitcoin QR Code
Simply scan the QR code below to support Techcratic.
Please read the Privacy and Security Disclaimer on how Techcratic handles your support.
Disclaimer: As an Amazon Associate, Techcratic may earn from qualifying purchases.