Meta fined $101.5m for storing millions of user passwords in the open

Ireland's Data Protection Commission (DPC) has imposed a $101.5m (€91m) fine on Meta after concluding an investigation into a 2019 data breach.

Here's What We Know

The investigation revealed that the company stored user passwords in plain, text format. Meta initially said it discovered the passwords in plaintext on its servers in January 2019. However, the company updated the statement a month later, adding that millions of Instagram users' passwords were also stored in an easy-to-read format.

While Meta did not specify the number of accounts affected, a senior employee told Krebs on Security that up to 600 million passwords were affected by the incident. Some passwords had been stored publicly since 2012 and were searchable by more than 20,000 Facebook employees. The DPC clarified that the passwords were not available to third parties.

The Commission found that Meta violated several rules of the General Data Protection Regulation adopted by the European Union (GDPR), as well as failing to notify the DPC of the breach and failing to properly document it. The company was also found to have failed to use proper technical measures to secure user passwords. In addition to the fine, Meta was reprimanded by the DPC. The commission's full decision will be released at a later date.

Source: Engadget