Popular Articles
Today Week Month Year


Ireland fines Meta $102M for lapse in PASSWORD SECURITY
By Belle Carter // Oct 03, 2024

Ireland has slapped a huge fine on Mark Zuckerberg's Meta Platforms, alongside a formal reprimand, for failing to protect its users' passwords.

The Irish Data Protection Commission (DPC) announced the penalties on Sept. 27, emphasizing that the company failed to implement appropriate security measures for user passwords. The €91 million ($102 million) fine and formal reprimand followed the DPC's four-year investigation into how the tech giant safeguarded sensitive user data.

"It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data," DPC Deputy Commissioner Graham Doyle said in a statement. "It must be borne in mind that the passwords subject of consideration in this case are particularly sensitive, as they would enable access to users' social media accounts."

In March 2019, Meta notified the DPC that it had inadvertently stored certain passwords of social media users in "plaintext" on its internal systems, without cryptographic protection or encryption. It nevertheless claimed that these passwords were not made available to external parties.

The investigation that commenced in April of the same year assessed Meta's compliance with the General Data Protection Regulation (GDPR), and in particular, whether the company implemented measures to ensure a level of security appropriate to the risks associated with the processing of passwords. Also, the DPC examined whether Meta complied with its obligations to document and notify the DPC of personal data breaches.

The DPC's final decision identified four areas wherein Meta's practices were found to have run afoul of various GDPR provisions:

  • Meta failed to notify the regulators on time about the personal data breach.
  • Meta did not adequately document the incident.
  • Meta did not implement appropriate technical and organizational measures to protect user passwords from unauthorized access.
  • Meta did not ensure a security level appropriate to the risks associated with storing passwords in plaintext.

The Irish regulators said they would publish the full details of their decision in the coming weeks.

Not the first time Meta ran afoul of the DPC

The DPC's $102 million fine is the latest in a series of hefty fines for Meta and its social media platforms from the Dublin-based watchdog, which is the company's lead regulator under the 27-nation EU's stringent data privacy rulebook.

DPC already imposed a $1.34 billion fine on Mark Zuckerberg's social media platform for unlawfully transferring European Union user data to the U.S. last May. A pair of fines totaling $414 million for GDPR breaches related to Facebook and Instagram followed immediately.

Meanwhile, reports indicate that Meta says the exposure was not that big of a deal.

According to Meta, its internal review found the passwords were only readable for a short time. The company purportedly acted quickly once the problem was identified, and no one's privacy had been violated.

"We took immediate action to fix this error, and there is no evidence that these passwords were abused or accessed improperly," Meta wrote in response as per AP News. "We proactively flagged this issue to our lead regulator, the Irish Data Protection Commission, and have engaged constructively with them throughout this inquiry."

Pedro Canahuati, Meta's vice president of engineering, security and privacy, said in a statement back when the probe was starting that these passwords were never visible to anyone outside of Facebook and that they have found no evidence to date that anyone internally abused or improperly accessed them. (Related: Meta Platforms: MASS CENSORSHIP of Trump photo after failed assassination attempt was an "error.")

Visit FacebookCollapse.com for stories about how Facebook fails to protect its users.

Watch the video below that talks about Meta CEO Mark Zuckerberg admitting to being pressured by the Biden-Harris administration to suppress information.

This video is from the NewsClips channel on Brighteon.com.

More related stories:

AFL exposes internal Facebook documents used for training CDC employees on censoring the public.

Meta admits to training its AI models with public info from Aussie users posted SINCE 2007.

Zuckerberg admits Biden admin pressured Meta to CENSOR content.

Facebook CENSORS video of DOJ official calling DA Alvin Bragg's Trump prosecution "nonsense."

Trump warns Zuckerberg and anyone who illegally interferes in election will be jailed for life.

Sources include:

TheEpochTimes.com

DataProtection.ie

RetailWire.com

Brighteon.com



Take Action:
Support NewsTarget by linking to this article from your website.
Permalink to this article:
Copy
Embed article link:
Copy
Reprinting this article:
Non-commercial use is permitted with credit to NewsTarget.com (including a clickable link).
Please contact us for more information.
Free Email Alerts
Get independent news alerts on natural cures, food lab tests, cannabis medicine, science, robotics, drones, privacy and more.

NewsTarget.com © 2022 All Rights Reserved. All content posted on this site is commentary or opinion and is protected under Free Speech. NewsTarget.com is not responsible for content written by contributing authors. The information on this site is provided for educational and entertainment purposes only. It is not intended as a substitute for professional advice of any kind. NewsTarget.com assumes no responsibility for the use or misuse of this material. Your use of this website indicates your agreement to these terms and those published on this site. All trademarks, registered trademarks and servicemarks mentioned on this site are the property of their respective owners.

This site uses cookies
News Target uses cookies to improve your experience on our site. By using this site, you agree to our privacy policy.
Learn More
Close
Get 100% real, uncensored news delivered straight to your inbox
You can unsubscribe at any time. Your email privacy is completely protected.