Meta's Massive Password Breach Fine
Curated by aaronmut
According to reports from TechCrunch, Meta has been fined €91 million (approximately $101.5 million) by Ireland's Data Protection Commission for a 2019 incident that exposed hundreds of millions of Facebook and Instagram passwords in plain text, potentially compromising user security.
Plain Text Password Storage
Storing passwords in plain text is a major security vulnerability that exposes users to significant risks. When passwords are stored unencrypted, anyone with access to the database can easily read and potentially misuse them [1][2]. This practice violates fundamental security principles and can lead to severe consequences:
- Unauthorized access: Hackers who breach the system gain immediate access to all user credentials [3].
- Data breaches: Compromised passwords can be used to access other accounts if users reuse passwords across multiple sites [3].
- Legal and regulatory issues: Storing passwords in plain text may violate data protection laws like GDPR and industry standards such as PCI DSS [4].
- Loss of user trust: Public disclosure of plain text password storage can severely damage an organization's reputation [2].
Impact on User Trust
The massive data breaches and privacy violations by Meta have significantly eroded user trust in the company and its platforms. A 2022 survey found that 74% of consumers would stop shopping with their favorite retailers if they couldn't ensure personal data security [1]. This sentiment is especially strong among younger demographics like Millennials and Gen Z, who are increasingly privacy-conscious. The repeated fines and scandals have led to:
- Increased skepticism about Meta's data handling practices
- Growing demand for stronger privacy controls and transparency
- Users becoming more cautious about sharing personal information
- Some users abandoning or reducing usage of Facebook and Instagram
- Calls for stricter regulation of big tech companies' data practices
The company faces pressure to fundamentally reshape its data-driven business model to align with evolving privacy expectations.
Irish Data Protection Commission Fine
The Irish Data Protection Commission (DPC) imposed a €91 million fine on Meta Platforms Ireland Limited for failing to adequately protect user passwords [1][2]. This penalty stems from an investigation launched in April 2019 after Meta reported inadvertently storing certain user passwords in plaintext on its internal systems [1]. The DPC emphasized that storing passwords without encryption poses significant risks of abuse and violates the EU's General Data Protection Regulation (GDPR), which mandates appropriate security measures for processing personal data [1].
Key points of the fine include:
- It's one of several GDPR fines Meta has faced, following a record €1.2 billion penalty in 2023 for improper data transfers [1].
- The DPC's decision was submitted to other EU national supervisory authorities in June 2024, with no objections raised to the fine amount [1].
- Meta has been ordered to bring its data processing into compliance within 6 months of the final decision notification [3].