Meta Penalized $101 Million for Storing Passwords in Plaintext, Faces Heightened EU Oversight

 

Meta, the parent company of Facebook, has been fined Euro 91 million (USD 101 million) by the Irish Data Protection Commission (DPC) following the revelation that the company stored millions of user passwords in plaintext.  
Plaintext refers to readable data that does not need a decryption key to access. It can be any file or message, including text or binary data, that has not been encrypted yet. Plaintext is often used in tasks like document writing, coding, and email. In encryption, plaintext is the input that gets converted into ciphertext, which is the secured, unreadable version.
The breach, discovered during an internal review and disclosed in 2019, involved sensitive user data being accessible to over 2,000 engineers, who collectively queried the password database more than 9 million times. This fine adds to Meta’s growing list of penalties under the European Union’s General Data Protection Regulation (GDPR), which has cost the company more than Euro 2 billion since the regulation was introduced in 2018. Notably, Meta is appealing a record Euro 1.2 billion fine issued last year, making the company one of the most scrutinized by European regulators. 
Meta identified the security lapse during a routine check of its data storage practices. The company stated that no evidence was found to suggest that any internal personnel had misused the passwords or that external entities had accessed the data.

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
