Dark
Light
Today: October 12, 2024
October 1, 2024

Meta Fined €91 Million by Irish DPC for 2019 Facebook and Instagram Password Breach: GDPR Violations and Data Security Failures

The Irish Data Protection Commission (DPC) has fined Meta €91m ($101.56m) after an investigation into an external security breach that began in March 2019. This problem arose when Meta reported that it had been recording people’s passwords in plaintext in its databases, which is contrary to agreed security measures.

The DPC initiated its probe on Meta the following month, but found that the company broke several provisions of the European Union’s General Data Protection Regulation (GDPR). Namely, Meta was violating four distinct GDPR articles. The DPC criticized Meta for failing to:

  1. Inform the regulatory authority of the loss of security as soon as possible.
  2. Ensure that the processing of the personal data breaches involves the storage of the plaintext password.
  3. Include sufficient technical procedures to protect users’ passwords and that they should remain secure.

The problem investigated revealed that the storage of passwords in plaintext is very insecure as anyone with access to them could exploit the users’ data.

Meta had at first disclosed it had a subset of Facebook users’ passwords in plaintext. While the company insisted that there are no records to show that the passwords were used or accessed in the wrong way, security analysts sounded alarm. Data leaked included passwords created up to 2012,.In one internal case, business insiders identified that 2,000 engineers/developers at Meta carried out some nine million internal searches, which comprised plaintext passwords.

Also Read: Google Cracking Whip Against Fake reviews on Maps Impact Indian Businesses

This was after Meta in April 2019 admitted that millions of Instagram users’ passwords had been also held in a similar unsecured way. The company added that it informed all users who could be affected by the problems.

The deputy commissioner in charge of the Irish DPC, Graham Doyle, stressed severity of the situation pointing to the specificity of the stolen passwords. ‘It goes without saying that user passwords should not be stored as plaintext because persons accessing such data are likely to abuse it,’ said Doyle in a press statement. He also underlined potential threats associated with these revealed passwords as, with their help, intruders will be able to enter users’ social media profiles.

Meta stated that when the DPC made the findings, Meta said it acted to address the situation quickly; furthermore, it claimed to have “proactively informed” the DPC about the matter. The company replied that it wants to assure the public that it has not found any sign of misuse and/or illicit use of the out in the plaintext form passwords.

Still, while Meta was quick to address the problem, the DPC pointed out that the issue highlighted major failures in the company’s personalized user data management, for which it was fined €91 million.

                           Follow the R9 NEWS channel on WhatsApp

Previous Story

Google Cracking Whip Against Fake reviews on Maps Impact Indian Businesses

Next Story

Jammu And Kashmir Assembly Elections: How Many Candidates In Phase 2 Have Cases Pending Against Them?

Latest from Blog

IBPS PO Prelims Admit Card 2024 Released

The IBPS has officially issued the admit cards for the conduct of the IBPS PO Prelims exam conducted in 2024. Candidates who have registered for the Probationary Officer (PO) examination can now
Go toTop

Don't Miss

Facebook’s Youth Renaissance: Meta’s Strategy to Reengage Young Adults

Meta’s flagship app Facebook is witnessing a significant resurgence among

Alia Bhatt Expresses Gratitude for Birthday Wishes, Unveils Joyous Celebration Snapshot: “It Was a Good Day”

As Alia Bhatt marked her 31st birthday on March 15,