Meta's Massive Password Breach Fine
Curated by aaronmut
According to reports from TechCrunch, Meta has been fined €91 million (approximately $101.5 million) by Ireland's Data Protection Commission for a 2019 incident that exposed hundreds of millions of Facebook and Instagram passwords in plain text, potentially compromising user security.

Plain Text Password Storage

Storing passwords in plain text is a major security vulnerability that exposes users to significant risks. When passwords are stored unencrypted, anyone with access to the database can easily read and potentially misuse them [1][2]. This practice violates fundamental security principles and can lead to severe consequences:
  • Unauthorized access: Hackers who breach the system gain immediate access to all user credentials [3].
  • Data breaches: Compromised passwords can be used to access other accounts if users reuse passwords across multiple sites [3].
  • Legal and regulatory issues: Storing passwords in plain text may violate data protection laws like GDPR and industry standards such as PCI DSS [4].
  • Loss of user trust: Public disclosure of plain text password storage can severely damage an organization's reputation [2].
To mitigate these risks, organizations should implement secure password storage techniques like cryptographic hashing with salting, which makes it computationally infeasible to recover the original passwords even if the database is compromised [2][3].
Sources: cwe.mitre.org, eitca.org, securecodewarrior.com (4 sources)

Impact on User Trust

The massive data breaches and privacy violations by Meta have significantly eroded user trust in the company and its platforms. A 2022 survey found that 74% of consumers would stop shopping with their favorite retailers if they couldn't ensure personal data security [1]. This sentiment is especially strong among younger demographics like Millennials and Gen Z, who are increasingly privacy-conscious. The repeated fines and scandals have led to:
  • Increased skepticism about Meta's data handling practices
  • Growing demand for stronger privacy controls and transparency
  • Users becoming more cautious about sharing personal information
  • Some users abandoning or reducing usage of Facebook and Instagram
  • Calls for stricter regulation of big tech companies' data practices
Meta has attempted to rebuild trust by offering more privacy options, but regaining user confidence remains an uphill battle given its track record of privacy issues [1]. The company faces pressure to fundamentally reshape its data-driven business model to align with evolving privacy expectations.
Sources: datagrail.io (1 source)

Irish Data Protection Commission Fine

The Irish Data Protection Commission (DPC) imposed a €91 million fine on Meta Platforms Ireland Limited for failing to adequately protect user passwords [1][2]. This penalty stems from an investigation launched in April 2019 after Meta reported inadvertently storing certain user passwords in plaintext on its internal systems [1]. The DPC emphasized that storing passwords without encryption poses significant risks of abuse and violates the EU's General Data Protection Regulation (GDPR), which mandates appropriate security measures for processing personal data [1]. Key points of the fine include:
  • It's one of several GDPR fines Meta has faced, following a record €1.2 billion penalty in 2023 for improper data transfers [1].
  • The DPC's decision was submitted to other EU national supervisory authorities in June 2024, with no objections raised to the fine amount [1].
  • Meta has been ordered to bring its data processing into compliance within 6 months of the final decision notification [3].
Sources: euronews.com, irishtimes.com, edpb.europa.eu (3 sources)