Meta Fined €91 Million by EU Privacy Regulator for Improper Password Storage

 

On Friday, Meta was fined €91 million ($101.5 million) by the European Union’s primary privacy regulator for accidentally storing some user passwords without proper encryption or protection.
The investigation began five years ago when Meta informed Ireland’s Data Protection Commission (DPC) that it had mistakenly saved certain passwords in plaintext format. At the time, Meta publicly admitted to the issue, and the DPC confirmed that no external parties had access to the passwords.
“It is a widely accepted practice that passwords should not be stored in plaintext due to the potential risk of misuse by unauthorized individuals,” stated Graham Doyle, Deputy Commissioner of the Irish DPC.
A Meta spokesperson mentioned that the company took swift action to resolve the error after it was detected during a 2019 security audit. Additionally, there is no evidence suggesting the passwords were misused or accessed inappropriately.
Throughout the investigation, Meta cooperated fully with the DPC, the spokesperson added in a statement on Friday.
Given that many major U.S. tech firms base their European operations in Ireland, the DPC serves as the leading privacy regulator in the EU. To date, Meta has been fined a total of €2.5 billion for violations under the General Data

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: