Source URL: https://yro.slashdot.org/story/24/09/27/2226229/meta-fined-102-million-for-storing-600-million-passwords-in-plain-text?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot
Title: Meta Fined $102 Million For Storing 600 Million Passwords In Plain Text
Feedly Summary:
AI Summary and Description: Yes
Summary: Meta has faced a hefty fine of $101.5 million from the Irish Data Protection Commission for improperly storing user passwords in plain text, highlighting serious compliance failures under GDPR. The incident underscores the critical importance of data protection measures and adherence to privacy regulations, particularly regarding sensitive data like passwords.
Detailed Description: The situation involving Meta raises significant concerns not only about data security practices but also compliance with international regulations, especially GDPR. Below are the key points derived from the incident:
– **Major Fine Imposed**: The Irish Data Protection Commission (DPC) has fined Meta a substantial amount for failing to protect user passwords adequately.
– **Storage in Plain Text**: The commission found that over half a billion user passwords were stored in plain text, which is a known security risk that can lead to unauthorized access and data breaches.
– **Access by Engineers**: Some engineers reportedly had access to these passwords for over a decade, highlighting a severe lapse in security controls and access restrictions.
– **Impact on Users**: The issue predominantly affected non-US users, particularly those using Facebook Lite, a service aimed at regions with slower internet connectivity.
– **GDPR Violations**: Meta was found to have infringed multiple provisions of GDPR, including its duty to notify the DPC promptly about personal data breaches.
– **Delayed Notification**: Although Meta eventually reported the breach, it did so several months after the initial discovery, raising further compliance concerns.
– **Statements from Authorities**: Graham Doyle, Deputy Commissioner at the DPC, emphasized that storing passwords in plain text fails to align with accepted security practices and increases the risk of data abuse.
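As an added example (not part of the Slashdot story, the DPC decision, or any Meta code), the following Python shows the control that plaintext password storage omits: each password is run through a salted, memory-hard key derivation function (scrypt from the standard library) and only the salt plus derived key are stored, so an engineer or attacker reading the record cannot recover the password. The parameter values, function names and record format are this example's own choices.

```python
import hashlib
import hmac
import os

# scrypt work factors: example values only; tune N upward as hardware allows.
SCRYPT_N = 2 ** 14   # CPU/memory cost (needs 128 * r * N bytes = 16 MiB here)
SCRYPT_R = 8         # block size
SCRYPT_P = 1         # parallelism
SALT_BYTES = 16      # fresh random salt per password
KEY_BYTES = 32       # length of the derived key that is stored


def hash_password(password: str) -> str:
    """Return a self-describing record: algorithm, parameters, salt, derived key.

    The password itself is never stored; a record leak exposes only the
    salt and the derived key, which must be brute-forced per user.
    """
    salt = os.urandom(SALT_BYTES)
    key = hashlib.scrypt(
        password.encode("utf-8"),
        salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_BYTES,
    )
    return "$".join(
        ["scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P), salt.hex(), key.hex()]
    )


def verify_password(password: str, record: str) -> bool:
    """Re-derive the key with the stored parameters and compare in constant time."""
    try:
        alg, n, r, p, salt_hex, key_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(key_hex)
    except ValueError:
        # Malformed record: treat as a failed login rather than crashing.
        return False
    if alg != "scrypt":
        return False
    candidate = hashlib.scrypt(
        password.encode("utf-8"),
        salt=salt, n=int(n), r=int(r), p=int(p), dklen=len(expected),
    )
    # compare_digest avoids leaking where the first mismatching byte is.
    return hmac.compare_digest(candidate, expected)


def record_reveals_password(record: str, password: str) -> bool:
    """Illustrates the difference from plaintext storage: True only if the
    stored record literally contains the password, as a plaintext store would."""
    return password in record


if __name__ == "__main__":
    # Constructed sample credential for the demonstration.
    stored = hash_password("correct horse battery staple")
    print("stored record:", stored)
    print("login with right password:", verify_password("correct horse battery staple", stored))
    print("login with wrong password:", verify_password("Tr0ub4dor&3", stored))
    print("record exposes password:", record_reveals_password(stored, "correct horse battery staple"))
```

Because the salt is random per user, two users with the same password get different records, so a leaked table cannot be cracked once for everyone; the stored parameters let the work factor be raised later without invalidating older records.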
This incident underlines the critical necessity for companies to implement robust data security measures and comply with privacy regulations to protect user information responsibly. Compliance and security professionals should take note of these findings to enhance their practices and ensure adherence to legal standards.