Meta Fined $102 Million For Storing 600 Million Passwords In Plain Text (appleinsider.com)
Meta has been fined $101.5 million by the Irish Data Protection Commission (DPC) for storing over half a billion user passwords in plain text for years, with some engineers having access to this data for over a decade. The issue, discovered in 2019, predominantly affected non-US users, especially those using Facebook Lite. AppleInsider reports: Meta Ireland was found guilty of infringing four parts of GDPR, including how it "failed to notify the DPC of a personal data breach concerning storage of user passwords in plain text." Meta Ireland did report the failure, but only some months after it was discovered. "It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data," said Graham Doyle, Deputy Commissioner at the DPC, in a statement about the fine. "It must be borne in mind, that the passwords the subject of consideration in this case, are particularly sensitive, as they would enable access to users' social media accounts."
Other than the fine and an official reprimand, the full extent of the DPC's ruling is yet to be released publicly. The details published so far do not reveal whether the passwords included any of US users as well as ones in Ireland or across the rest of the European Union. It's most likely that the issue concerns only non-US users, however. That's because in 2019, Facebook told CNN that the majority of the plain text passwords were for a service called Facebook Lite, which it described as being a cut-down service for areas of the world with slower connectivity.
I'm shocked! (Score:5, Insightful)
Everybody with a three-figure IQ understands that Meta has no respect for anyone's privacy or security except Zuckerberg's. Why would anybody be surprised when he rubs our noses in it by storing passwords in plain text?
Re: (Score:1)
Everybody with a three-figure IQ understands that Meta has no respect for anyone's privacy or security except Zuckerberg's. Why would anybody be surprised when he rubs our noses in it by storing passwords in plain text?
I learned about the need for hashing and salting stored passwords in the late 80's in class from a paper written in the 70's. Yet somehow 2000 engineers looked up 9 million in the clear passwords and no one complained? What kind of engineers does Meta hire?
100 mil out of 134 billion revenue (Score:5, Insightful)
Meta 2023 revenue 134 billion
Fine 100 million
100 million / 134000 million = 0.0007
That's like a $100,000 salary person paying a $70 fine.
Re: (Score:2)
Is that how your boss sees it when you accidentally blow up that expensive new lab equipment? "Oh don't worry, it's only 0.007% of our company's global revenue (not profit), try not to wreck the next one!"
Cost of Doing Business? (Score:4, Insightful)
Re:Cost of Doing Business? (Score:5, Insightful)
Re: (Score:3)
$100M? Would you change your behavior if the fine for not doing so was $1? That's about the ratio here...
Yes I would. European law unlike American law is staggered. The first of a type of offence is often quite lenient in comparison to a re-offence. Meta would be unwise to consider $100m as a cost of doing business today, because that number will very very much inflate tomorrow.
In other news a police officer let me off with an official warning last time I got caught speeding, that won't happen again.
Isn't Ireland already getting plenty of money? (Score:1)
Re: (Score:2)
Grill the goose until it is golden.
Re:Isn't Ireland already getting plenty of money? (Score:4)
Facebook broke EU law, not Irish law.
If Ireland didn't prosecute, then the EU would've.
The fine would've been bigger and gone to Brussels instead of Dublin.
Both Ireland and Meta should be happy with this outcome.
Zucks not apologizing (Score:3)
Zuck has already said that he's sorry he ever apologized for anything Facef did so don't expect an apology.
Seriously? (Score:5, Interesting)
"It must be borne in mind, that the passwords the subject of consideration in this case, are particularly sensitive, as they would enable access to users' social media accounts."
Since when are social media account passwords "particularly sensitive"? It's online bullshitting. It is not your bank account.
Fine 'em for the violation... but don't BS us about how important social media accounts are - life goes on without them, otherwise being banned would be a crime.
Re: (Score:1)
Re:Seriously? (Score:5, Informative)
A lot of damage could potentially be done if someone gets into your social media account; best case you'll have a lot of explaining to do to people that you were hacked.
It happened to a few broader family members of mine when Outlook accounts were hacked. Hackers then sent messages to all emails they had in the account saying they were stuck in Thailand or stuff like that and that they needed money urgently to solve the issue.
Re:Seriously? (Score:5, Informative)
You can use Facebook to log into a number of other accounts these days, including ones with payment systems.
Re:Seriously? (Score:5, Insightful)
Re:Seriously? (Score:4)
1. Create a free porn site.
2. Require a signup with an email and password.
3. Use the same email and password to log in to banks.
4. Empty the accounts.
5. Profit!!!
Re: (Score:3)
Re:Seriously? (Score:5, Insightful)
In the wrong country, you can be killed if the government finds out what you really think. And yes, complaining online is one way to catalyze change, especially in countries where you can be killed for it. (American keyboard warriors should instead go vote and drag their friends to the polls too.)
Obviously not punitive (Score:3)
Feels weird (Score:4)
Re: (Score:2)
600 million plain text passwords... (Score:5, Insightful)
The stories detail some troubling behavior by Facebook's then 19-year old founder and CEO, Mark Zuckerberg, including using members' Facebook login information to break into members' private email accounts and hacking into a competitor's site and changing user profiles. (Source [businessinsider.com])
Zuck: Yeah so if you ever need info about anyone at Harvard. Just ask. I have over 4,000 emails, pictures, addresses, SNS. People just submitted it. I don't know why. They "trust me". Dumb fucks. (Source [businessinsider.com])
They should have been fined 6 billion Euros, that would be merely 10€ per password.
Meta protecting users since (Score:2)
..who else had access. (Score:1)
We've seen that the Israeli Defense Forces are embedded in Meta operations (and have used data they collect to feed their targeting AI that has been used to kill journalists and their families in the 'Where's Daddy' assassination program). Have THEY also had access?