Meta Fined €100 Million for Massive Data Security Breach

Meta Fined $100M For Storing Over Half A Billion Passwords In Plaintext: Mark Zuckerberg-Led Company Reportedly Had 2000 Employees Querying Them 9M Times - Meta Platforms (NASDAQ:META)

Meta Platforms Inc. META has been fined €91 million ($101.5 million) by Ireland's Data Protection Commission (DPC) for a 2019 security breach. What Happened: The DPC initiated an investigation in April 2019 under the General Data Protection Regulation (GDPR) after Meta, then known as Facebook, disclosed that "hundreds of millions" of user passwords were stored in plaintext on its servers. To make matters worse, the 600 million passwords stored in plaintext were reportedly accessed by 2,000 engineers at the company nearly nine million times. The DPC concluded that Meta did not meet the GDPR's security standards, as the passwords were unencrypted, posing a risk of unauthorized access to users' social media accounts. The regulator also found that Meta failed to report the breach within the required 72-hour timeframe and did not properly document the incident. Deputy Commissioner Graham Doyle emphasized the sensitivity of the exposed passwords, noting the risks of abuse from unauthorized access. See Also: iOS 18 Includes Apple's New Passwords App with End-to-End Encryption: Here's How You Use It This fine adds to Meta's history of GDPR penalties, highlighting ongoing privacy compliance issues. The €91 million penalty is significantly higher than the €17 million fine imposed in March 2022 for a separate 2018 breach. Subscribe to the Benzinga Tech Trends newsletter to get all the latest tech developments delivered to your inbox. Why It Matters: This latest fine is part of a series of penalties that Meta has faced over the years for privacy violations. In March 2022, the Irish government fined Meta $18.6 million for mishandling 12 data breaches between June 2018 and December 2018. The DPC found that Meta failed to implement adequate security measures to protect EU users' data. In January 2023, the Irish watchdog imposed a €390 million fine on Meta for user privacy violations. The penalty was related to Meta's handling of user data for personalized advertising, which was found to be in breach of GDPR regulations. More recently, in July 2023, Meta faced the threat of a $100,000 daily fine in Norway if it did not amend its privacy policies. The Norwegian Data Protection Authority imposed a three-month ban on Meta's behavioral advertising, with potential extensions by the European Data Protection Board. Check out more of Benzinga's Consumer Tech coverage by following this link. Read Next: Meta Unveils Zuckerberg's 10-Year Vision With Orion Glasses, Nvidia's Jensen Huang Rocks Them Disclaimer: This content was partially produced with the help of AI tools and was reviewed and published by Benzinga editors. Photo courtesy: Shutterstock Market News and Data brought to you by Benzinga APIs

Ireland fines Meta €91 million over EU data breach

An Irish regulator helping to police European Union data privacy said Friday it had fined Facebook-owner Meta 91 million euros ($102 million) for password-security breaches. The Data Protection Commission criticised Meta for failing to put in place appropriate security measures to protect users' password data and for taking too long to alert the regulator over the issue.An Irish regulator helping to police European Union data privacy said Friday it had fined Facebook-owner Meta 91 million euros ($102 million) for password-security breaches. The Data Protection Commission criticised Meta for failing to put in place appropriate security measures to protect users' password data and for taking too long to alert the regulator over the issue. An inquiry was launched in April 2019 after Meta Ireland informed the regulator that it had "inadvertently stored certain passwords of social media users" in a readable format on its internal system, the DPC said in a statement. "It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data," said Graham Doyle, the regulator's head of communications. Doyle told AFP that the breach, which took place in January 2019, affected 36 million Facebook and Instagram users across the European Economic Area, which comprises the EU plus Iceland, Liechtenstein and Norway. The regulator criticised Meta for not alerting the DPC of the problem until March 2019. In a statement to AFP, Meta acknowledged that some Facebook users' passwords were "temporarily stored in a readable format in our internal data systems". "We took immediate action to fix this error, and there is no evidence that these passwords were abused or accessed improperly. "We proactively flagged this issue to our lead regulator, the Irish Data Protection Commission, and have engaged constructively with them throughout this inquiry", a Meta spokesperson added. - Tech crackdown - Many global tech companies including Google, Apple and Meta, base their European operations in Dublin. As a result, Ireland's data protection agency is the lead regulator responsible for holding them to account. The fine issued Friday, dwarfed by Meta's multi-billion-dollar earnings, is the latest in a series issued to the US social media giant and its rivals, as global regulators seek to rein in big tech firms over also taxation, competition and disinformation. Ireland this month launched an investigation in Google's artificial intelligence development. It came as the European Commission scored two major legal victories in separate cases that left Apple and Google owing billions of euros. At the same time, an EU court scrapped a 1.49-billion euro fine imposed by Brussels against Google over abuse of dominance in online advertising. Tech giants are also seeking out each other over alleged breaches. Google on Wednesday said it had filed a complaint against Microsoft at the European Commission, accusing its rival of "anticompetitive" licensing practices to force customers to use its cloud service. ajb/bcp/lth