Saturday, October 12, 2024

Facebook Parent Fined £75m Over Password Storage



Facebook parent Meta fined 91m euros over unencrypted storage of hundreds of millions of passwords dating back to 2012

The Irish data protection commissioner has issued a 91 million euro (£75m) fine to Facebook parent Meta over a failure to securely store hundreds of millions of passwords.

The DPC, which is Meta’s lead privacy regulator in the EU, began an investigation in 2019 after the company notified it that it had inadvertently stored the passwords without encryption, with some dating back to 2012.

The company was criticised at the time for a failure to take basic security precautions.

The DPC submitted a draft decision to other EU data regulators in June of this year and received no objections.


‘Risks of abuse’

Meta has been fined for several other breaches of the EU’s General Data Protection Regulation (GDPR), which is also in force in the UK.

“It is widely accepted that user passwords should not be stored in ‘plaintext’ considering the risks of abuse that arise from persons accessing such data,” said DPC deputy commissioner Graham Doyle.

“It must be borne in mind, that the passwords the subject of consideration in this case are particularly sensitive, as they would enable access to users’ social media accounts.”

The DPC notified Meta of the fine and accompanying reprimand on 26 September.

“We took immediate action to fix this error, and there is no evidence that these passwords were abused or accessed improperly,” Meta said in a statement.

The company’s other GDPR fines include a 405m euro penalty for Instagram over mishandling teen data, 265m euros over the publication of user data on a hacking forum in 2021 and 1.2bn euros for mishandling data when conducting transatlantic data transfers.

‘Give me a break’

In 2019 Meta admitted it had stored hundreds of millions of passwords without encryption on internal servers accessible by 20,000 staff members.

The company said it had discovered the error as part of a routine security review in January of that year.

The majority of the affected passwords belonged to users of Facebook Lite, a cut-down version of the social media app for regions with poor or slow connectivity.

At the time Meta estimated hundreds of millions of Facebook Lite passwords were affected, along with tens of millions of other Facebook users and tens of thousands of Instagram users, with the problems dating back in some cases to 2012.

“Passwords in a flat file for anyone to read? Are you kidding me? Give me a break!” commented Sam Curry, chief security officer at Cybereason, at the time.


