Meta spanked for violating GDPR as it stored 600 million social media account passwords in plaintext
At a time when online security matters more than ever, Meta Platforms Ireland Limited (MPIL) was found to have stored over 600 million passwords belonging to Instagram and Facebook users in plaintext, some of them in that form for more than 10 years. The issue first came to light in 2019, when Facebook, now known as Meta, admitted to the Data Protection Commission (DPC) that hundreds of millions of passwords had been inadvertently stored unencrypted, in plaintext.
After a five-year investigation by the DPC, Meta's Irish operation was fined 91 million euro (about $101.5 million). Meta was found to have violated Europe's General Data Protection Regulation (GDPR) by failing to store the passwords of many Instagram and Facebook users securely. Meta claimed that the plaintext passwords were never accessible to anyone outside the company. It did, however, admit that 2,000 engineers had made 9 million queries against the database holding them.
The DPC's decision found that Meta Platforms Ireland Limited (MPIL) failed to follow GDPR rules by committing the following violations:
Article 33(1) - MPIL failed to notify the DPC of a personal data breach concerning storage of user passwords in plaintext;
Article 33(5) - MPIL failed to document personal data breaches concerning the storage of user passwords in plaintext;
Article 5(1)(f) - MPIL did not use appropriate technical or organizational measures to ensure appropriate security of users' passwords against unauthorized processing; and
Article 32(1) - MPIL did not implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including the ability to ensure the ongoing confidentiality of user passwords.
"It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data. It must be borne in mind that the passwords the subject of consideration in this case are particularly sensitive, as they would enable access to users' social media accounts." - Graham Doyle, Deputy Commissioner at the DPC
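The two failure modes behind this case are a credential store that holds the password itself and application logs that capture it on the way in. The following Python is an added illustration, not code from the article or from Meta: it shows the plaintext anti-pattern beside a salted, memory-hard hash (scrypt from the standard library), a constant-time verifier, and a small scanner that flags unredacted password fields in log lines. The usernames, passwords and log lines are constructed for the example; the `pass`/`password`/`pwd` field names the scanner looks for are an assumption about what a login handler might log, not a claim about any real system.

```python
import hashlib
import hmac
import os
import re

# Constructed sample stores; no real user data.
PLAINTEXT_STORE = {}   # anti-pattern: username -> password as typed
HASHED_STORE = {}      # username -> (salt, scrypt digest)

# scrypt work parameters (assumed values for an interactive login; raise N as hardware allows).
SCRYPT_N, SCRYPT_R, SCRYPT_P, DK_LEN = 2 ** 14, 8, 1, 32


def store_plaintext(username, password):
    """Anti-pattern: whoever can read the store (or a log it leaked into) has the credential."""
    PLAINTEXT_STORE[username] = password


def store_hashed(username, password):
    """Store a per-user random salt and a slow, memory-hard hash instead of the password."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DK_LEN)
    HASHED_STORE[username] = (salt, digest)


def verify_hashed(username, password):
    """Recompute the hash with the stored salt; compare in constant time."""
    record = HASHED_STORE.get(username)
    if record is None:
        return False
    salt, expected = record
    candidate = hashlib.scrypt(password.encode(), salt=salt,
                               n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DK_LEN)
    return hmac.compare_digest(candidate, expected)


def serialize_plaintext(username):
    """Bytes an insider would see when reading the plaintext store."""
    return PLAINTEXT_STORE[username].encode()


def serialize_hashed(username):
    """Bytes an insider would see when reading the hashed store (salt || digest)."""
    salt, digest = HASHED_STORE[username]
    return salt + digest


def record_exposes_password(record_bytes, password):
    """True if read access to the record hands over the password itself."""
    return password.encode() in record_bytes


# Detection side: a password that reaches the store hashed is still exposed if the
# request handler logged it. Scan log lines for password-like fields not redacted.
PASSWORD_FIELD = re.compile(r'(?i)\b(pass(?:word|wd)?|pwd)=([^&\s"]+)')
REDACTION_MARKERS = {"[REDACTED]", "***", "<redacted>"}


def find_unredacted_passwords(log_lines):
    """Return (line number, field name) for every unredacted password field found."""
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        for match in PASSWORD_FIELD.finditer(line):
            if match.group(2) not in REDACTION_MARKERS:
                hits.append((lineno, match.group(1)))
    return hits


# Constructed log lines for the example (not from any real system).
SAMPLE_LOG = [
    'POST /login user=alice password=correct+horse+battery+staple status=200',
    'POST /login user=bob password=[REDACTED] status=200',
    'GET /feed user=alice status=200',
]

if __name__ == "__main__":
    pw = "correct horse battery staple"
    store_plaintext("alice", pw)
    store_hashed("alice", pw)
    print("verify ok:", verify_hashed("alice", pw), "wrong pw:", verify_hashed("alice", "nope"))
    print("plaintext record leaks password:", record_exposes_password(serialize_plaintext("alice"), pw))
    print("hashed record leaks password:", record_exposes_password(serialize_hashed("alice"), pw))
    print("unredacted password fields in log:", find_unredacted_passwords(SAMPLE_LOG))
```

The point of the salt is visible when two users pick the same password: their stored records differ, so a dump cannot be grouped by password and a single precomputed table does not crack both. The log scanner is deliberately crude; in practice it belongs in the logging pipeline as a redaction step, with the scan kept as a control that proves the redaction is working.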
The DPC's decision includes a reprimand issued to Meta pursuant to Article 58(2)(b) GDPR and the aforementioned fine of 91 million euro ($101.5 million). The DPC added that it will publish the full decision and further related information in due course. The ruling is understood to cover only the passwords of non-US users. In 2019, Meta told CNN that the majority of the plaintext passwords belonged to Facebook Lite, a stripped-down version of the service for parts of the world with slower internet connectivity.
The Irish Data Protection Commission fined Meta the equivalent of $101.5 million for violating the GDPR. | Image credit: Data Protection Commission
Meta owns Facebook, Messenger, Instagram, and WhatsApp.