The Irish Data Protection Commission (DPC) fined Meta €91 million (about $137 million CAD) for a 2019 security breach in which the company mistakenly stored user passwords in plain text.
Per Engadget, Meta originally reported that it found some user passwords stored in plain text on its servers, but a month after the initial reveal, the company announced millions of Instagram passwords were also stored in plain text. While the company hasn’t said how many accounts were impacted, a senior employee told Krebs on Security that the incident involved up to 600 million passwords.
Moreover, the passwords were reportedly searchable by as many as 20,000 Facebook employees, though the DPC has now clarified that the passwords were not made available to external parties.
Meta violated multiple General Data Protection Regulation (GDPR) rules, according to the DPC. These include failure to notify the DPC about the breach without delay, failure to document the personal data breach, and failure to use appropriate technical measures to ensure password security.
Along with the fine, the DPC also reprimanded Meta, though it won’t be clear what it entails for the company until the commission publishes its full and final decision.
Source: Engadget
MobileSyrup may earn a commission from purchases made via our links, which helps fund the journalism we provide free on our website. These links do not influence our editorial content. Support us here.