Impreza Portal
Sign InMy ServicesMy DomainsMy InvoicesMy Tickets
Documentation
News
Impreza AI
Our Platform
Carbon Removal
Tutorials
Video TutorialsImpreza Community
More
UptimeNetwork StatusWHOISAffiliatesJobsAbout us
Contact
Submit TicketSend an EmailTelegramReport Abuse
Take a look!
HOMEDOMAINS
CONTACT
Impreza Community Introduction
Questions? Our AI can help you out!
Impreza AI
AI Support Assistant
Online — 24/7
1
Login
Sign InCreate an Account
No Comments

Ireland fines Meta €91 million for storing passwords in plaintext

 

Ireland’s Data Protection Commission (DPC) has fined Meta Platforms Ireland Limited (MPIL) €91 million for storing passwords of hundreds of millions of users in plaintext.

The breach, which occurred in 2019, was publicly disclosed by Meta, prompting an investigation by the DPC into Meta’s handling of sensitive user data.

According to the DPC’s announcement, “In March 2019, MPIL notified the DPC that it had inadvertently stored certain social media user passwords in ‘plaintext’ on its internal systems, lacking cryptographic protection or encryption.”

Meta’s 2019 disclosure revealed that a routine security review had uncovered “some user passwords” stored in a readable format on its systems. While the company did not provide specific numbers, it anticipated notifying “hundreds of millions of Facebook Lite users, tens of millions of Facebook users,” and millions of Instagram users.

Meta stated that no external parties had access to the passwords, and no evidence of misuse or unauthorized access was found during the review.

Storing user passwords without proper security measures, such as encryption and access control, violates several General Data Protection Regulation (GDPR) articles, which require data controllers to ensure the security of personal data:

  • Article 33(1) – Notification of a Personal Data Breach: Meta failed to promptly notify the DPC about the plaintext storage of user passwords, constituting a personal data breach.
  • Article 33(5) – Documentation of a Personal Data Breach: Meta did not maintain proper documentation of the incident, violating requirements for record-keeping on personal data breaches.
  • Article 5(1)(f) – Integrity and Confidentiality: Meta did not implement adequate security measures, leaving the passwords stored without encryption.
  • Article 32(1) – Security of Processing: Meta did not apply sufficient technical and organizational measures to safeguard the passwords, such as encryption, to ensure data confidentiality and prevent unauthorized access.

Taking into account Meta’s voluntary notification to the Irish DPC, the regulatory body issued an official reprimand alongside the €91 million fine.

The DPC will release a full decision on the incident at a later date, detailing the conclusions of its investigation.

 

Source: BleepingComputer,

You might also like
CyberSecurity, Mobile Apps, News
CyberSecurity, Mobile Apps, News

More Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.