Meta Fined $102 Million For Storing 600 Million Passwords In Plain Text (appleinsider.com)
- Reference: 0175146455
- News link: https://yro.slashdot.org/story/24/09/27/2226229/meta-fined-102-million-for-storing-600-million-passwords-in-plain-text
- Source link: https://appleinsider.com/articles/24/09/27/meta-stored-600-million-facebook-and-instagram-passwords-in-plain-text
> Meta Ireland was found guilty of infringing four parts of GDPR, including how it "failed to notify the DPC of a personal data breach concerning storage of user passwords in plain text." Meta Ireland did report the failure, but only some months after it was discovered. "It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data," said Graham Doyle, Deputy Commissioner at the DPC, [3] in a statement about the fine. "It must be borne in mind, that the passwords the subject of consideration in this case, are particularly sensitive, as they would enable access to users' social media accounts."
>
> Other than the fine and an official reprimand, the full extent of the DPC's ruling is yet to be released publicly. The details published so far do not reveal whether the passwords included any of US users as well as ones in Ireland or across the rest of the European Union. It's most likely that the issue concerns only non-US users, however. That's because in 2019, Facebook told CNN that the majority of the plain text passwords were for a service called Facebook Lite, which it described as being a cut-down service for areas of the world with slower connectivity.
[1] https://appleinsider.com/articles/24/09/27/meta-stored-600-million-facebook-and-instagram-passwords-in-plain-text
[2] https://yro.slashdot.org/story/19/03/21/1525243/for-years-hundreds-of-millions-of-facebook-users-had-their-account-passwords-stored-in-plain-text-and-searchable-by-thousands-of-facebook-employees
[3] https://www.dataprotection.ie/en/news-media/press-releases/DPC-announces-91-million-fine-of-Meta
Cost of Doing Business? (Score:4, Insightful)
$100M? Would you change your behavior if the fine for not doing so was $1? That's about the ratio here...
Re:Cost of Doing Business? (Score:4, Insightful)
Worse, more like 16c ea. A buck would have been 600M, still peanuts. Should have been 60B, that might get someone's attention.
Isn't Ireland already getting plenty of money? (Score:1)
Isn't Ireland already getting plenty of money from these companies that domicile there? It might not be a good idea to gill the golden goose.
Re: (Score:2)
Grill the goose until it is golden.
Zucks not apologizing (Score:2)
Zuck has already said that he's sorry he ever apologized for anything Facef did so don't expect an apology.
Seriously? (Score:3)
> "It must be borne in mind, that the passwords the subject of consideration in this case, are particularly sensitive, as they would enable access to users' social media accounts."
Since when are social media account passwords "particularly sensitive"? It's online bullshitting. It is not your bank account.
Fine 'em for the violation... but don't BS us about how important social media accounts are - life goes on without them, otherwise being banned would be a crime.
Re: (Score:2)
> A lot of damage could potentially be done if someone gets into your social media account; best case you'll have a lot of explaining to do to people that you were hacked.
It happened to a few broader family members of mine when outlook accounts were hacked. Hackers then send messages to all emails they had in the account saying they were stuck in Thailand or stuff like that and that they needed money urgently to solve the issue.
Re:Seriously? (Score:5, Informative)
You can use facebook to log into a number of other accounts these days, including ones with payment systems.
Re:Seriously? (Score:4, Insightful)
The problem is more that many non-techies use the same or some simple derivative password for all their accounts. I know, crazy, but people do it. So that is why every company that has a login should protect the customer's password.
Re: (Score:2)
The reality is for many people they are, ignoring the facebook creds can also be used to log in to other systems and that users are generally fuckwits and reuse passwords no matter how much you beat them up. Their Social media accounts have massive value for scams on the user and on others as well as huge amounts of information perfect for identity theft.
Re: (Score:3)
In the wrong country, you can be killed if the government finds out what you really think. And yes, complaining online is one way to catalyze change, especially in countries where you can be killed for it. (American keyboard warriors should instead go vote and drag their friends to the polls too.)
Obviously not punitive (Score:3)
This might have been punitive to someone with a chain of taco trucks or something, but considering it is equivalent to less than one day's worth of Meta's average daily profit in 2023 this seems more like a warning than any kind of a real penalty.
Feels weird (Score:2)
This makes me feel weird about the time and effort I put in to doing password hashing on my websites. I didn't spend that much time on it but I made sure to do it, it seemed like an obvious required first step, but I guess actually most people just don't bother at first? Feels weird. Also it wasn't that hard which is the other weird thing.
Re: (Score:2)
It's possible the logging system just grabbed the passwords and logged them when they came across the wire. Still a rookie mistake, but not as bad. The article doesn't clarify how it happened, but it seems to have not been in their main database.
600 million plain text passwords... (Score:2, Insightful)
Well, isn't having those plain text passwords why Facebook/Meta exists in the first place?
> The stories detail some troubling behavior by Facebook's then 19-year old founder and CEO, Mark Zuckerberg, including using members' Facebook login information to break into members' private email accounts and hacking into a competitor's site and changing user profiles. ( [1]Source [businessinsider.com])
> Zuck: Yeah so if you ever need info about anyone at Harvard. Just ask. I have over 4,000 emails, pictures, addresses, SNS. People just submitted it. I don't know why. They "trust me". Dumb fucks. ( [2]Source [businessinsider.com])
They should have been fined 6 billion Euros, that would be merely 10€ per password.
[1] https://www.businessinsider.com/the-origins-of-facebook-and-mark-zuckerberg-2010-3
[2] https://www.businessinsider.com/well-these-new-zuckerberg-ims-wont-help-facebooks-privacy-problems-2010-5?IR=T
I'm shocked! (Score:3)
Everybody with a three-figure IQ understands that Meta has no respect for anyone's privacy or security except Zuckerberg's. Why would anybody be surprised when he rubs our noses in it by storing passwords in plain text?