Meta Faces $101 Million Fine for Storing Facebook and Instagram Passwords in Plaintext
Meta is facing a $101 million fine for a 2019 incident in which the company inadvertently stored Facebook passwords in plaintext rather than encrypting them. These passwords were kept on internal servers, to which as many as 20,000 Facebook employees had access, potentially allowing them to bypass company protocols and access user accounts. Additionally, Meta later discovered it had also stored millions of Instagram users’ passwords in plaintext. The company publicly disclosed the issue and committed to strengthening its security practices.
Despite Meta‘s response, Ireland’s Data Protection Commission concluded that the company violated the European Union’s GDPR regulations, which mandate the use of appropriate measures to safeguard user passwords. The commission also criticized Meta for failing to notify European regulators about the breach within the required 72-hour window.
Although it’s unclear why the Irish regulator took so long to finalize its decision, the commission announced it will publish the “full Decision and further related information” soon. Meta has not confirmed whether it will pay the fine but stated to PCMag that it acted swiftly to resolve the issue after discovering the plaintext password storage.
In a statement, Meta said, “As part of a security review in 2019, we found that a subset of Facebook users’ passwords were temporarily logged in a readable format within our internal data systems. We took immediate action to fix this error, and there is no evidence that these passwords were abused or accessed improperly. We proactively flagged this issue to our lead regulator, the Irish Data Protection Commission, and have engaged constructively with them throughout this inquiry.”
Newer Articles
- Octo2 Malware Spreads via Fake NordVPN and Chrome Apps, Targeting Mobile Banking Users
- Early Detection of Dementia: New Brain Scan Predicts Onset Up to Nine Years in Advance
- Ancient Viruses Embedded in Human DNA