Ireland fines Meta 91 million euros for storing user passwords unencrypted

September 27 (Portaltic/EP) –

The Irish Data Protection Commission (DPC) has fined Meta 91 million euros for storing passwords of users of its social networks as plain text on its internal systems, meaning they were not encrypted and posed a security risk for the affected users.

The company led by Mark Zuckerberg, owner of social networks such as Instagram, Facebook and WhatsApp, notified the Irish DPC in March 2019 of an incident in which it had inadvertently stored some user passwords in “plain text”. That is, passwords without cryptographic protection or encryption, which puts them at risk in the event of a data leak.

Although these passwords did not reach the hands of third parties, the DPC began an investigation in April of that same year, in which it analyzed Meta’s compliance with the General Data Protection Regulation (GDPR).

Specifically, as the Commission has explained in a statement on its website, the investigation evaluated whether the technology company had appropriate security measures for password processing and whether it fulfilled its obligations to warn the users involved about breaches of their personal data, in accordance with the requirements of the GDPR.

This regulation specifies that those responsible for data processing, in this case Meta, must have appropriate security measures for the processing of personal data. Thus, to maintain security, it is important that the company “evaluate the risks inherent to the treatment and implement measures to mitigate them”, as the DPC has pointed out.

Taking all this into account, after concluding the investigation, the DPC announced this Friday the sanction imposed on Meta for the incorrect processing of users’ personal data in its services, and for not having the necessary security measures for the processing of sensitive information, such as passwords.

Likewise, the DPC also concluded that the technology company did not document the personal data breaches relating to the storage of user passwords. As a result, Meta must pay a fine of 91 million euros.

“It is widely accepted that user passwords should not be stored in plain text, considering the risks of abuse that arise when people access such data. It should be noted that the passwords being examined in this case are particularly sensitive as they would allow access to users’ social media accounts,” concluded DPC Deputy Commissioner Graham Doyle.
