Ireland fines Meta $102M for lapse in PASSWORD SECURITY
10/03/2024 / By Belle Carter
Ireland has slapped a huge fine on Mark Zuckerberg’s Meta Platforms, alongside a formal reprimand, for failing to protect its users’ passwords.
The Irish Data Protection Commission (DPC) announced the penalties on Sept. 27, emphasizing that the company failed to implement appropriate security measures for user passwords. The €91 million ($102 million) fine and formal reprimand followed the DPC’s four-year investigation into how the tech giant safeguarded sensitive user data.
“It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data,” DPC Deputy Commissioner Graham Doyle said in a statement. “It must be borne in mind that the passwords subject of consideration in this case are particularly sensitive, as they would enable access to users’ social media accounts.”
In March 2019, Meta notified the DPC that it had inadvertently stored certain passwords of social media users in “plaintext” on its internal systems, without cryptographic protection or encryption. It nevertheless claimed that these passwords were not made available to external parties.
The investigation that commenced in April of the same year assessed Meta’s compliance with the General Data Protection Regulation (GDPR), and in particular, whether the company implemented measures to ensure a level of security appropriate to the risks associated with the processing of passwords. Also, the DPC examined whether Meta complied with its obligations to document and notify the DPC of personal data breaches.
The DPC’s final decision identified four areas wherein Meta’s practices were found to have run afoul of various GDPR provisions:
- Meta failed to notify the regulators on time about the personal data breach.
- Meta did not adequately document the incident.
- Meta did not implement appropriate technical and organizational measures to protect user passwords from unauthorized access.
- Meta did not ensure a security level appropriate to the risks associated with storing passwords in plaintext.
The Irish regulators said they would publish the full details of their decision in the coming weeks.
Not the first time Meta ran afoul of the DPC
The DPC’s $102 million fine is the latest in a series of hefty fines for Meta and its social media platforms from the Dublin-based watchdog, which is the company’s lead regulator under the 27-nation EU’s stringent data privacy rulebook.
DPC already imposed a $1.34 billion fine on Mark Zuckerberg’s social media platform for unlawfully transferring European Union user data to the U.S. last May. A pair of fines totaling $414 million for GDPR breaches related to Facebook and Instagram followed immediately.
Meanwhile, reports indicate that Meta says the exposure was not that big of a deal.
According to Meta, its internal review found the passwords were only readable for a short time. The company purportedly acted quickly once the problem was identified, and no one’s privacy had been violated.
“We took immediate action to fix this error, and there is no evidence that these passwords were abused or accessed improperly,” Meta wrote in response as per AP News. “We proactively flagged this issue to our lead regulator, the Irish Data Protection Commission, and have engaged constructively with them throughout this inquiry.”
Pedro Canahuati, Meta’s vice president of engineering, security and privacy, said in a statement back when the probe was starting that these passwords were never visible to anyone outside of Facebook and that they have found no evidence to date that anyone internally abused or improperly accessed them. (Related: Meta Platforms: MASS CENSORSHIP of Trump photo after failed assassination attempt was an “error.”)
Visit FacebookCollapse.com for stories about how Facebook fails to protect its users.
Watch the video below that talks about Meta CEO Mark Zuckerberg admitting to being pressured by the Biden-Harris administration to suppress information.
This video is from the NewsClips channel on Brighteon.com.
More related stories:
AFL exposes internal Facebook documents used for training CDC employees on censoring the public.
Meta admits to training its AI models with public info from Aussie users posted SINCE 2007.
Zuckerberg admits Biden admin pressured Meta to CENSOR content.
Facebook CENSORS video of DOJ official calling DA Alvin Bragg’s Trump prosecution “nonsense.”
Trump warns Zuckerberg and anyone who illegally interferes in election will be jailed for life.
Sources include:
Submit a correction >>
Tagged Under:
Big Tech, cryptographic, data breach, Data Protection Commission, encryption, Facebook, Facebook collapse, fakebook, General Data Protection Regulation, Glitch, Ireland, Irish regulators, mark zuckerberg, meta, Meta Platforms, Meta Platforms Ireland Limited, password security, passwords, plaintext, security, Social media, tech giants, zuckerberg
This article may contain statements that reflect the opinion of the author
RECENT NEWS & ARTICLES
