share_log

Meta Fined $100M For Storing Over Half A Billion Passwords In Plaintext: Mark Zuckerberg-Led Company Reportedly Had 2000 Employees Querying Them 9M Times

Benzinga ·  Sep 28 03:09

$Meta Platforms (META.US)$ has been fined €91 million ($101.5 million) by Ireland's Data Protection Commission (DPC) for a 2019 security breach.

What Happened: The DPC initiated an investigation in April 2019 under the General Data Protection Regulation (GDPR) after Meta, then known as Facebook, disclosed that "hundreds of millions" of user passwords were stored in plaintext on its servers.

To make matters worse, the 600 million passwords stored in plaintext were reportedly accessed by 2,000 engineers at the company nearly nine million times.

The DPC concluded that Meta did not meet the GDPR's security standards, as the passwords were unencrypted, posing a risk of unauthorized access to users' social media accounts. The regulator also found that Meta failed to report the breach within the required 72-hour timeframe and did not properly document the incident.

Deputy Commissioner Graham Doyle emphasized the sensitivity of the exposed passwords, noting the risks of abuse from unauthorized access.

This fine adds to Meta's history of GDPR penalties, highlighting ongoing privacy compliance issues. The €91 million penalty is significantly higher than the €17 million fine imposed in March 2022 for a separate 2018 breach.

Why It Matters: This latest fine is part of a series of penalties that Meta has faced over the years for privacy violations. In March 2022, the Irish government fined Meta $18.6 million for mishandling 12 data breaches between June 2018 and December 2018.

The DPC found that Meta failed to implement adequate security measures to protect EU users' data.

In January 2023, the Irish watchdog imposed a €390 million fine on Meta for user privacy violations. The penalty was related to Meta's handling of user data for personalized advertising, which was found to be in breach of GDPR regulations.

More recently, in July 2023, Meta faced the threat of a $100,000 daily fine in Norway if it did not amend its privacy policies. The Norwegian Data Protection Authority imposed a three-month ban on Meta's behavioral advertising, with potential extensions by the European Data Protection Board.

Disclaimer: This content was partially produced with the help of AI tools and was reviewed and published by Benzinga editors.

Disclaimer: This content is for informational and educational purposes only and does not constitute a recommendation or endorsement of any specific investment or investment strategy. Read more
    Write a comment