Monday, October 14, 2024

Irish DPC fines Meta €91 million over password management lapse – Euractiv

Date:


The Irish Data Protection Commission (DPC) fined Meta €91 million for “inadvertently” storing user passwords without cryptographic protection or encryption, closing a five-year-old case, according to a Friday press release.

The DPC investigation started in April 2019 after Meta’s Ireland entity notified the authorities in charge of regulating Facebook and Instagram parent in the EU.

The company had been storing social media users’ passwords in plain text in its internal databases, meaning they were available to thousands of employees, CNN reported at the time. Meta discovered the exposed passwords in a security review in January 2019, with millions of users affected.

The DPC submitted its draft decision to other EU and EEA authorities in June and received no objections.

“There is no evidence that these passwords were abused or accessed improperly,” and Meta “proactively” notified the lead regulator, the DPC, a company spokesperson told Euractiv in an email.

“It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data,” said Deputy Commissioner at the DPC, Graham Doyle, in the press release.

Meta was found in breach of the General Data Protection Regulation (GDPR), specifically for not securing the passwords, failing to notify the authority, and not documenting the data breach.

[Edited by Alice Taylor-Braçe]

Read more with Euractiv





Source link

Share post:

spot_img

Popular

More like this
Related

Windows Security: What is Memory Integrity?

Windows Security is the built-in antivirus suite within...

Ambani’s Reliance lobbies India on satellite spectrum in new face-off with Musk

Ambani’s Reliance has argued that the telecom regulator...

Europe lifts off from its launcher crisis

For the European space industry, the deafening rumble...