Meta Fined $100M For Storing Over Half A Billion Passwords In Plaintext: Mark Zuckerberg-Led Company Reportedly Had 2000 Employees Querying Them 9M Times
Meta Fined $100M For Storing Over Half A Billion Passwords In Plaintext: Mark Zuckerberg-Led Company Reportedly Had 2000 Employees Querying Them 9M Times
The DPC concluded that Meta did not meet the GDPR's security standards, as the passwords were unencrypted, posing a risk of unauthorized access to users' social media accounts. The regulator also found that Meta failed to report the breach within the required 72-hour timeframe and did not properly document the incident.$Meta Platforms (META.US)$ has been fined €91 million ($101.5 million) by Ireland's Data Protection Commission (DPC) for a 2019 security breach.
$Meta Platforms (META.US)$ 因2019年的安全漏洞被爱尔兰数据保护委员会(DPC)处以91万欧元(合1.015亿美元)的罚款。
What Happened: The DPC initiated an investigation in April 2019 under the General Data Protection Regulation (GDPR) after Meta, then known as Facebook, disclosed that "hundreds of millions" of user passwords were stored in plaintext on its servers.
发生了什么:DPC于2019年4月根据《通用数据保护条例》(GDPR)启动了一项调查,此前Meta(当时名为Facebook)透露 “数亿” 用户密码以纯文本形式存储在其服务器上。
To make matters worse, the 600 million passwords stored in plaintext were reportedly accessed by 2,000 engineers at the company nearly nine million times.
更糟糕的是,据报道,该公司的2,000名工程师访问了以纯文本形式存储的60000万个密码近900万次。
The DPC concluded that Meta did not meet the GDPR's security standards, as the passwords were unencrypted, posing a risk of unauthorized access to users' social media accounts. The regulator also found that Meta failed to report the breach within the required 72-hour timeframe and did not properly document the incident.
DPC 得出结论,Meta 不符合 GDPR 的安全标准,因为密码未加密,存在未经授权访问用户社交媒体账户的风险。监管机构还发现,Meta未能在规定的72小时时间内报告违规行为,也没有正确记录该事件。
Deputy Commissioner Graham Doyle emphasized the sensitivity of the exposed passwords, noting the risks of abuse from unauthorized access.
副局长格雷厄姆·道尔强调了泄露密码的敏感性,并指出了未经授权的访问导致滥用的风险。
This fine adds to Meta's history of GDPR penalties, highlighting ongoing privacy compliance issues. The €91 million penalty is significantly higher than the €17 million fine imposed in March 2022 for a separate 2018 breach.
这笔罚款增加了 Meta 对 GDPR 的处罚历史,凸显了持续的隐私合规问题。91万欧元的罚款大大高于2022年3月对2018年另一起违规行为处以的1700万欧元罚款。
Why It Matters: This latest fine is part of a series of penalties that Meta has faced over the years for privacy violations. In March 2022, the Irish government fined Meta $18.6 million for mishandling 12 data breaches between June 2018 and December 2018.
为何重要:最新的罚款是 Meta 多年来因侵犯隐私而面临的一系列处罚的一部分。2022年3月,爱尔兰政府因在2018年6月至2018年12月期间对12起数据泄露事件处理不当而对Meta处以1,860万美元的罚款。
The DPC found that Meta failed to implement adequate security measures to protect EU users' data.
DPC 发现,Meta 未能实施足够的安全措施来保护欧盟用户的数据。
In January 2023, the Irish watchdog imposed a €390 million fine on Meta for user privacy violations. The penalty was related to Meta's handling of user data for personalized advertising, which was found to be in breach of GDPR regulations.
2023 年 1 月,爱尔兰监管机构因侵犯用户隐私而对 Meta 处以39000万欧元的罚款。该处罚与 Meta 处理个性化广告的用户数据有关,这被认定违反了 GDPR 法规。
More recently, in July 2023, Meta faced the threat of a $100,000 daily fine in Norway if it did not amend its privacy policies. The Norwegian Data Protection Authority imposed a three-month ban on Meta's behavioral advertising, with potential extensions by the European Data Protection Board.
最近,在2023年7月,如果不修改其隐私政策,Meta在挪威面临每天10万美元罚款的威胁。挪威数据保护局对 Meta 的行为广告实施了为期三个月的禁令,欧洲数据保护委员会可能会延期。
Disclaimer: This content was partially produced with the help of AI tools and was reviewed and published by Benzinga editors.
免责声明:此内容部分是在人工智能工具的帮助下制作的,并由Benzinga的编辑审阅和发布。
