eta is held responsible for the data breach from 2019 which led to millions of passwords being exposed. Meta has been fined with $101.5 due to a
privacy penalty in Europe.
If we go back in time, in 2019 in Europe. As a result, on Friday, Ireland’s Data Protection Commission also known as the DPC announced a reprimand and a $101.5 million fine after the investigation has been concluded.
The DPC opened a statutory inquiry to analyze and look into the event and since April 2019 Meta has been under the bloc’s General Data Protection Regulation (GDPR). The company was named Facebook back then and back then let users know that their passwords were stored as plaintext on their servers.
After the investigation had emerged, they concluded that Meta was guilty and did not meet the bloc’s legal requirements and standards since they did not encrypt the passwords. This action led to an increased risk of attacks and easier acces to third parties that could potentially harm and disclose their sensitive data. Meta broke the rules by not letting users know about the breach in the mandatory timeframe. Even more so, Meta also failed to document properly the breach.
Deputy Commissioner Graham Doyle wrote “It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data. It must be borne in mind, that the passwords the subject of consideration in this case, are particularly sensitive, as they would enable access to users’ social media accounts.”.
Subscribe to our newsletter
Even more so, Meta’s spokesperson Matthew Pollard wrote a statement in which he wrote that the company took “immediate action” over the matter. “It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data. It must be borne in mind, that the passwords the subject of consideration in this case, are particularly sensitive, as they would enable access to users’ social media accounts.” wrote Meta.
And that “We proactively flagged this issue to our lead regulator, the Irish Data Protection Commission, and have engaged constructively with them throughout this inquiry.”.
This penalty is one of the biggest penalties Meta has received compared with the 17M euros that the company received in 2022 for a 2018 security breach.
By
Daria Dondea
•
September 27, 2024 4:00 PM
.webp)
.webp)
