Meta, the parent company of Facebook and Instagram, has been fined €91 million by the Irish Data Protection Commission (DPC).
The penalty resulted from a significant security mishap in 2019. It was discovered that the social media giant had been storing users’ passwords in plain text, meaning they were not encrypted or hidden in any way.
This revelation sent shockwaves through the tech world, prompting an investigation by the DPC.
The DPC launched its probe in April 2019, shortly after Meta had admitted to the mistake. It found that Meta had breached multiple regulations under the European Union’s strict General Data Protection Regulation (GDPR).
The investigation pointed out that Meta had failed in several areas, including not notifying the authorities promptly about the breach and failing to use adequate security measures to protect users’ sensitive information. Storing passwords in plain text is a major no-no in the world of cybersecurity, and Meta’s oversight sparked widespread concern.
Meta’s password storage systems in the spotlight
The issue first came to light when Meta revealed that some Facebook passwords had been stored in plain text as far back as 2012. Shockingly, it was reported that around 2,000 engineers had made millions of internal queries involving unprotected passwords.
While Meta was quick to assure the public that there was no sign of the passwords being accessed or misused, its reputation was already damaged.
Just a month later, Meta admitted that the problem wasn’t limited to Facebook. Millions of Instagram passwords had also been stored in the same vulnerable manner, leading to a second wave of concern. Meta began notifying the affected users, reassuring them that the issue had been addressed.
Meta’s response
In response to the fine, Meta stated that it had taken “immediate action” to fix the error and proactively alerted the DPC about the problem.
However, the DPC clearly stated that such sensitive data, especially something as crucial as passwords, should never have been stored this way. The watchdog stressed that the potential risks associated with this kind of lapse could have been catastrophic had the data fallen into the wrong hands.
Meta now faces the consequences of what could only be described as a massive blunder in password security.