{"id":25274,"date":"2024-10-01T03:10:07","date_gmt":"2024-10-01T11:10:07","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2024\/10\/01\/news-19004\/"},"modified":"2024-10-01T03:10:07","modified_gmt":"2024-10-01T11:10:07","slug":"news-19004","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/10\/01\/news-19004\/","title":{"rendered":"Facebook and Instagram passwords were stored in plaintext, Meta fined"},"content":{"rendered":"\n<p>Ireland\u2019s privacy watchdog Data Protection Commission (DPC) has <a href=\"https:\/\/www.dataprotection.ie\/en\/news-media\/press-releases\/DPC-announces-91-million-fine-of-Meta\">fined Meta \u20ac91M<\/a> ($101M) after the discovery in 2019 that Meta had stored 600 million Facebook and Instagram passwords in plaintext.<\/p>\n<p>The DPC ruled that Meta was in violation of GDPR on several occasions related to this breach. It determined that the company failed to \u201cnotify the DPC of a personal data breach concerning storage of user passwords in plaintext\u201d without delay, and failed to \u201cdocument personal data breaches concerning the storage of user passwords in plaintext.\u201d<\/p>\n<p>The DPC also said that Meta violated GDPR by not using appropriate technical measures to ensure the security of users\u2019 passwords against unauthorized processing.<\/p>\n<p>While the DPC does not disclose the number of passwords, several <a href=\"https:\/\/krebsonsecurity.com\/2019\/03\/facebook-stored-hundreds-of-millions-of-user-passwords-in-plain-text-for-years\/\">sources<\/a> at the time quoted internal sources at Facebook who said 600 million passwords were freely accessible to employees. 
Most of these passwords belonged to Facebook Lite users, but it affected other Facebook and Instagram users as well.<\/p>\n<p>Facebook found out that it logged the passwords in plaintext by mistake during a code review.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-an-ongoing-issue\">An ongoing issue<\/h2>\n<p>Over the years, several data sets belonging to Facebook users have circulated on <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2017\/07\/explained-dark-web\">Dark Web<\/a> marketplaces. We&#8217;ve seen country-specific sets for Iran, Sudan, and Hong Kong. The largest data set that is still publicly accessible contains 303,081,505 records and was shared on a Telegram channel in February 2022. The data contains email addresses, names, phone numbers and additional personal information.<\/p>\n<p>In April 2021, a cybercriminal posted over half a billion scraped Facebook profiles for free on a hacking forum. The data encompassed profiles from over 100 countries and included emails, Facebook IDs, birthdays, phone numbers, and other <a href=\"https:\/\/www.malwarebytes.com\/cybersecurity\/basics\/pii\">Personally Identifiable Information (PII)<\/a>. Several other forums mirrored this data set.<\/p>\n<p>Last February, we <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/02\/facebook-marketplace-users-stolen-data-offered-for-sale\">reported<\/a> how personal data belonging to Facebook Marketplace users was published online. That leak consisted of around 200,000 records that contained names, phone numbers, email addresses, Facebook IDs, and Facebook profile information.<\/p>\n<p>In 2019, a private security researcher reported finding a database with the names, phone numbers, and unique user IDs of over 267 million Facebook users. 
The hosting company took the database offline after a tip-off from the security researcher.<\/p>\n<p>Social media accounts contain a lot of personal information which, combined with our email addresses, provides cybercriminals with information they can use to add credibility to their phishing attempts.<\/p>\n<p>It&#8217;s a good idea to check what personal information of yours is out there, and for that you can use our\u00a0<a href=\"https:\/\/www.malwarebytes.com\/digital-footprint\">free Digital Footprint scan<\/a>. Fill in the email address you use most frequently to sign up for sites and services, and we\u2019ll give you a free report.<\/p>\n<div class=\"wp-block-malware-bytes-button mb-button\" id=\"mb-button-7ba16f0b-04e8-4679-9512-2f21a0971dcf\">\n<div class=\"mb-button__row u-justify-content-center\">\n<div class=\"mb-button__item mb-button-item-0\">\n<p class=\"btn-main\"><a href=\"https:\/\/www.malwarebytes.com\/digital-footprint?utm_source=blog&amp;utm_medium=social&amp;utm_campaign=b2c_pro_acq_fy25dfplaunch_171269600960&amp;utm_content=V1\"><\/a><a href=\"https:\/\/www.malwarebytes.com\/digital-footprint\">SCAN NOW<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\" \/>\n<p><strong>We don&#8217;t just report on threats &#8211; we help safeguard your entire digital identity<\/strong><\/p>\n<p>Cybersecurity risks should never spread beyond a headline. 
Protect your\u2014and your family&#8217;s\u2014personal information by using <a href=\"https:\/\/www.malwarebytes.com\/identity-theft-protection\">identity protection<\/a>.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/10\/facebook-and-instagram-passwords-were-stored-in-plaintext-meta-fined\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> The Data Protection Commission has fined Meta $101M because 600 million Facebook and Instagram passwords were stored in plaintext. <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[21015,3589,11529,2143,32,10602,31170,5897],"class_list":["post-25274","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-dpc","tag-facebook","tag-facebook-lite","tag-instagram","tag-news","tag-passwords","tag-plaintext","tag-privacy"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25274","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=25274"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25274\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=25274"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/ind
ex.php\/wp-json\/wp\/v2\/categories?post=25274"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=25274"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}