From www.pcmag.com

Meta is facing a $101 million fine for a 2019 incident in which the company discovered it had accidentally stored Facebook passwords in plaintext rather than encrypting them. 

The passwords were stored on internal servers, but as many as 20,000 Facebook employees had access to those servers, potentially allowing them to bypass company protocols and breach user accounts. Meta later found it had also been storing the passwords of millions of Instagram users in plaintext. It publicly disclosed the incident and vowed to improve its security practices. 

Still, Ireland’s Data Protection Commission concluded today that Meta violated the European Union’s GDPR laws on data privacy, which require companies to use appropriate measures to store user passwords. The commission also appears to have faulted the company for failing to notify European regulators about the breach within 72 hours.

It’s unclear why the Irish regulator took so long to reach its decision, but it says it plans to publish the “full Decision and further related information in due course. “

Meta didn’t say whether it’ll pay the fine. But the social network told PCMag it took action to quickly fix the problem after it discovered the passwords being stored in plaintext. 

Recommended by Our Editors

“As part of a security review in 2019, we found that a subset of FB users’ passwords were temporarily logged in a readable format within our internal data systems. We took immediate action to fix this error, and there is no evidence that these passwords were abused or accessed improperly,” the company says. “We proactively flagged this issue to our lead regulator, the Irish Data Protection Commission, and have engaged constructively with them throughout this inquiry.”

SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.”,”first_published_at”:”2021-09-30T21:22:09.000000Z”,”published_at”:”2022-03-24T14:57:33.000000Z”,”last_published_at”:”2022-03-24T14:57:28.000000Z”,”created_at”:null,”updated_at”:”2022-03-24T14:57:33.000000Z”})”>

Like What You’re Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

About Michael Kan

Senior Reporter

Michael Kan

I’ve been working as a journalist for over 15 years—I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017.

Read Michael’s full bio

Read the latest from Michael Kan

[ For more curated tech news, check out the main news page here]

The post Meta Faces $101 Million Fine for Storing Facebook Passwords in Plaintext first appeared on www.pcmag.com

New reasons to get excited everyday.



Get the latest tech news delivered right in your mailbox

You may also like

Subscribe
Notify of
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments

More in Tech News