Meta Fined $102M by Ireland for Storing User Passwords in Plaintext

One of the largest social networking companies in the world, Meta, has been fined by the Irish Data Protection Commission (DPC) as much as $102 million (€ 91 million) due to their user password storage method. According to the DPC, Meta stored user passwords in plaintext.

Meta previously defended its actions and claimed that no users were harmed using its method. However, security researchers have disagreed.

The investigation against Meta lasted for five years before the data privacy authorities concluded that Meta was culpable for its negligence.

Meta Faces a $102M Fine for Storing User Passwords in Plaintext

Meta Will Shut Down its Data Analytics Tool for Journalists
Kirill Kudryavtsev/AFP via Getty Images

The DPC said that it is now done with its investigation against Meta, and it has come to its final decision of imposing a $102 million fine against the tech company. This fine is given to Meta Platforms Ireland Limited (MPIL) after it reported that it stored user passwords in plaintext all the way back in April 2019.

The DPC claimed that it found "infringements" done by Meta against the General Data Protection Regulation (GDPR). The DPC likewise claimed that Meta failed to notify the commission of "a personal data breach" of the stored passwords in plaintext.

It was likewise claimed that the company did not rectify its security issues "against unauthorised processing."

5-Year Investigation Claims 600 Million Users Were Affected

Initially, Meta disclosed that only 20,000 Facebook user passwords were stored in plaintext. Eventually, it was later revealed that millions of Instagram user passwords were stored in an "easily readable format" (via Engadget).

Allegedly, a Meta senior employee shared with Krebs on Security that this incident affected as many as 600 million users on the platform.

Meta's Privacy Practices and Issues

Meta has seen its fair share of privacy issues because of their practices online, and this includes the claims made by researchers or regulatory heads after discovering certain problems with its safety practices. Earlier this year, Meta settled a privacy lawsuit filed against them by Texas for as much as $1.4 billion for its facial recognition technology that affected users, who did not consent to such technology.

Over the years, Meta has also faced allegations and accusations from advocates and regulators against its privacy practices for teenagers, especially regarding what kind of content and experiences they face online. Different lawsuits have been filed against Meta by different United States states and international authorities for allegedly failing to protect those who are under the legal age from the dangers of social media.

The privacy fiasco that Meta faced throughout the years saw different complaints for mishandling user content or failing to protect a person's data online. Now, a five-year investigation by Ireland has been concluded, which found that Meta failed to protect users' privacy again because of its lackluster password storage method.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

Tags Meta

More from iTechPost

Real Time Analytics