Meta, the parent company of Facebook and Instagram, has found itself in hot water after being hit with a hefty €91 million fine by the Irish Data Protection Commission (DPC).
The penalty comes as a result of a major security mishap from 2019, where it was discovered that the social media giant had been storing users’ passwords in plain text – meaning they were not encrypted or hidden in any way.
This revelation sent shockwaves through the tech world, prompting an investigation by the DPC.
The DPC launched its probe in April 2019, shortly after Meta had admitted to the mistake. It found that Meta had breached multiple regulations under the European Union’s strict General Data Protection Regulation (GDPR).
The investigation pointed out that Meta had failed in several areas – including not notifying the authorities promptly about the breach and failing to use adequate security measures to protect users’ sensitive information. Storing passwords in plain text is a major no-no in the world of cybersecurity, and Meta’s oversight sparked widespread concern.
Meta’s password storage systems in the spotlight
The issue first came to light when Meta revealed that some Facebook passwords had been stored in plain text, going back as far as 2012. Shockingly, it was reported that around 2,000 engineers had made millions of internal queries involving unprotected passwords.
While Meta was quick to assure the public that there was no sign of the passwords being accessed or misused, the damage to its reputation was already done.
Just a month later, Meta admitted that the problem wasn’t limited to Facebook. Millions of Instagram passwords had also been stored in the same vulnerable manner, leading to a second wave of concern. Meta began notifying the affected users, reassuring them that the issue had been addressed.
Meta’s response
In response to the fine, Meta stated that it had taken “immediate action” to fix the error and had been proactive in alerting the DPC about the problem.
However, the DPC was clear in its stance that such sensitive data, especially something as crucial as passwords, should never have been stored in this way. The watchdog stressed that the potential risks associated with this kind of lapse could have been catastrophic had the data fallen into the wrong hands.
Meta now faces the consequences of what could only be described as a massive blunder in password security.