One of the largest social networking companies in the world, Meta, has been fined by the Irish Data Protection Commission (DPC) as much as $102 million (€ 91 million) due to their user password storage method. According to the DPC, Meta stored user passwords in plaintext.
Meta previously defended its actions and claimed that no users were harmed using its method. However, security researchers have disagreed.
The investigation against Meta lasted for five years before the data privacy authorities concluded that Meta was culpable for its negligence.
Meta Faces a $102M Fine for Storing User Passwords in Plaintext
(Photo : Kirill Kudryavtsev/AFP via Getty Images)
The DPC claimed that it found "infringements" done by Meta against the General Data Protection Regulation (GDPR). The DPC likewise claimed that Meta failed to notify the commission of "a personal data breach" of the stored passwords in plaintext.
It was likewise claimed that the company did not rectify its security issues "against unauthorised processing."
Read Also: Instagram Faces $5 Million Lawsuit for Exposing Teenagers to Harmful Content
5-Year Investigation Claims 600 Million Users Were Affected
Initially, Meta disclosed that only 20,000 Facebook user passwords were stored in plaintext. Eventually, it was later revealed that millions of Instagram user passwords were stored in an "easily readable format" (via Engadget).
Allegedly, a Meta senior employee shared with Krebs on Security that this incident affected as many as 600 million users on the platform.
Meta's Privacy Practices and Issues
Meta has seen its fair share of privacy issues because of their practices online, and this includes the claims made by researchers or regulatory heads after discovering certain problems with its safety practices. Earlier this year, Meta settled a privacy lawsuit filed against them by Texas for as much as $1.4 billion for its facial recognition technology that affected users, who did not consent to such technology.
Over the years, Meta has also faced allegations and accusations from advocates and regulators against its privacy practices for teenagers, especially regarding what kind of content and experiences they face online. Different lawsuits have been filed against Meta by different United States states and international authorities for allegedly failing to protect those who are under the legal age from the dangers of social media.
The privacy fiasco that Meta faced throughout the years saw different complaints for mishandling user content or failing to protect a person's data online. Now, a five-year investigation by Ireland has been concluded, which found that Meta failed to protect users' privacy again because of its lackluster password storage method.
Related Article: Drug Dealers Have Ads on Facebook, Instagram as Meta, Zuck are Probed by Congress