Ireland fines Meta $102M for lapse in PASSWORD SECURITY

We support our Publishers and Content Creators. You can view this story on their website by CLICKING HERE.

Ireland has slapped a huge fine on Mark Zuckerberg’s Meta Platforms, alongside a formal reprimand, for failing to protect its users’ passwords.

The Irish Data Protection Commission (DPC) announced the penalties on Sept. 27, emphasizing that the company failed to implement appropriate security measures for user passwords. The €91 million ($102 million) fine and formal reprimand followed the DPC’s four-year investigation into how the tech giant safeguarded sensitive user data.

“It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data,” DPC Deputy Commissioner Graham Doyle said in a statement. “It must be borne in mind that the passwords subject of consideration in this case are particularly sensitive, as they would enable access to users’ social media accounts.”

In March 2019, Meta notified the DPC that it had inadvertently stored certain passwords of social media users in “plaintext” on its internal systems, without cryptographic protection or encryption. It nevertheless claimed that these passwords were not made available to external parties.

The investigation that commenced in April of the same year assessed Meta’s compliance with the General Data Protection Regulation (GDPR), and in particular, whether the company implemented measures to ensure a level of security appropriate to the risks associated with the processing of passwords. Also, the DPC examined whether Meta complied with its obligations to document and notify the DPC of personal data breaches.

The DPC’s final decision identified four areas wherein Meta’s practices were found to have run afoul of various GDPR provisions:

Meta failed to notify the regulators on time about the personal data breach.
Meta did not adequately document the incident.
Meta did not implement appropriate technical and organizational measures to protect user passwords from unauthorized access.
Meta did not ensure a security level appropriate to the risks associated with storing passwords in plaintext.

The Irish regulators said they would publish the full details of their decision in the coming weeks.

Not the first time Meta ran afoul of the DPC

The DPC’s $102 million fine is the latest in a series of hefty fines for Meta and its social media platforms from the Dublin-based watchdog, which is the company’s lead regulator under the 27-nation EU’s stringent data privacy rulebook.

DPC already imposed a $1.34 billion fine on Mark Zuckerberg’s social media platform for unlawfully transferring European Union user data to the U.S. last May. A pair of fines totaling $414 million for GDPR breaches related to Facebook and Instagram followed immediately.

Meanwhile, reports indicate that Meta says the exposure was not that big of a deal.

According to Meta, its internal review found the passwords were only readable for a short time. The company purportedly acted quickly once the problem was identified, and no one’s privacy had been violated.

“We took immediate action to fix this error, and there is no evidence that these passwords were abused or accessed improperly,” Meta wrote in response as per AP News. “We proactively flagged this issue to our lead regulator, the Irish Data Protection Commission, and have engaged constructively with them throughout this inquiry.”

Pedro Canahuati, Meta’s vice president of engineering, security and privacy, said in a statement back when the probe was starting that these passwords were never visible to anyone outside of Facebook and that they have found no evidence to date that anyone internally abused or improperly accessed them. (Related: Meta Platforms: MASS CENSORSHIP of Trump photo after failed assassination attempt was an “error.”)

Visit FacebookCollapse.com for stories about how Facebook fails to protect its users.

Watch the video below that talks about Meta CEO Mark Zuckerberg admitting to being pressured by the Biden-Harris administration to suppress information.

This video is from the NewsClips channel on Brighteon.com.