Meta fined $102 million by the Irish Data Protection Commission

Image of Iron Brands

Published on Nov 12, 2024 by Iron Brands

TLDR:

  • Meta fined $102 million by the Irish Data Protection Commission (DPC) for storing user passwords in >plain text.
  • The breach involved up to 600 million passwords, some accessible to over 20,000 employees.
  • Meta failed to promptly notify the DPC and lacked proper security measures, violating GDPR rules.

Read the full article here.

In a significant privacy lapse, Meta has been fined $102 million by the Irish Data Protection Commission (DPC) for storing user passwords in plain text.

This breach, affecting potentially up to 600 million users, highlights serious concerns about data security practices at one of the world's largest tech companies.

So... what happend

The issue dates back to 2019 when Meta discovered that user passwords were being stored in plain text on its servers, a practice that violates basic security protocols. Initially, the company acknowledged the problem but later revealed that millions of Instagram passwords were also compromised. Some of these passwords had been stored in this vulnerable format since 2012 and were accessible to over 20,000 employees, though there was no evidence of external access.

The DPC's investigation concluded that Meta violated several GDPR regulations by failing to:

  • Promptly notify the DPC of the breach.
  • Document the breach adequately.
  • Implement appropriate technical measures to secure user passwords.

These failures underscore a lack of due diligence in protecting user data.

Impact and Implications

This incident serves as a stark reminder of the importance of robust data security measures. For users, it raises concerns about the safety of personal information entrusted to major platforms. For companies, it highlights the necessity of adhering to data protection laws like GDPR to avoid substantial fines and reputational damage.

The fine imposed on Meta reflects the seriousness of the breach and serves as a warning to other organizations about the consequences of inadequate data protection practices.

Final Thoughts

This case illustrates the critical need for companies to prioritize data security and comply with privacy regulations. As users, it's essential to be aware of how our data is handled and to choose services that respect our privacy.

At Simple Analytics, we are committed to providing a straightforward, privacy-friendly alternative to traditional analytics platforms, ensuring your data remains secure and private.