Ever felt a pang of betrayal when you discover your most intimate secrets exposed to the world? That's precisely how Meta users felt when it was revealed their passwords had been stored in plaintext for years.
Sadly it’s not a plot from a thriller movie, it’s exactly what happened to Meta, and the fallout is massive.
The Big Reveal
The Irish Data Protection Commission (DPC) has just slapped Meta with a whopping €91 million ($101.56 million) fine. Why, you ask? It all goes back to a security mishap when the tech giant accidentally stored users' passwords in plaintext—yes, you read that right! This means anyone who had access could see those passwords without any encryption barrier. Yikes!
What Went Down?
After the DPC launched an investigation, they uncovered that Meta violated not one, but four articles of the European Union's General Data Protection Regulation (GDPR). Talk about a breach of trust! The DPC found that Meta didn't notify them promptly about the data breach and failed to document the incident properly. They also dropped the ball on using the right technical measures to keep your passwords safe and sound.
The Password Panic
Initially, Meta admitted that a subset of Facebook users had their passwords exposed in plaintext but reassured everyone that there was no evidence of any internal misuse. However, according to Krebs on Security, some of these passwords date back as far as 2012!
A senior employee revealed that around 2,000 engineers or developers made nearly nine million internal queries for data elements containing those plaintext passwords.
And just when you think it couldn’t get worse, the company later acknowledged that millions of Instagram passwords were also stored in the same insecure way. They’re now in the process of notifying the affected users.
In response to the fine, Meta claimed they took “immediate action” to correct the error and stated they “proactively flagged this issue” to the DPC.
Final Thoughts
In a world where our digital lives are more intertwined than ever, it’s crucial to stay watchful about how our data is handled. Passwords should be treated like the crown jewels they are—protected and encrypted, not left out in the open for anyone to see.
How can you keep yourself extra safe out there?
Hash Passwords: Ensure that all passwords are hashed and salted using strong cryptographic algorithms before storage. Avoid storing passwords in plain text under any circumstances.
Unique Passwords: Promote the use of unique passwords for different accounts to prevent a breach on one site from affecting others.
Enable 2FA: Encourage users to enable two-factor authentication wherever possible. This adds an extra layer of security, making it harder for attackers to gain access even if they have the password.
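To make the hash-and-salt advice concrete, here is an added Python example (not code from the article, and nothing to do with Meta's own systems) that places the plaintext record beside a salted PBKDF2 record, verifies a login in constant time, and includes a simple audit check that flags any stored record still containing the password verbatim. The record layout, function names and the sample password are all assumptions for illustration.

```python
import hashlib
import hmac
import os

# OWASP-recommended minimum work factor for PBKDF2-HMAC-SHA256 (2023 guidance).
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def store_plaintext(password: str) -> dict:
    """The insecure pattern from the article: whoever can read the record reads the secret."""
    return {"scheme": "plaintext", "password": password}


def store_hashed(password: str, iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Hardened pattern: a fresh random salt per user plus a slow key-derivation function."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Only the salt, the work factor and the derived hash are persisted, never the password.
    return {
        "scheme": "pbkdf2-sha256",
        "iterations": iterations,
        "salt": salt.hex(),
        "hash": digest.hex(),
    }


def verify_hashed(record: dict, candidate: str) -> bool:
    """Recompute with the stored salt and work factor, then compare in constant time."""
    if record.get("scheme") != "pbkdf2-sha256":
        return False  # refuse to "verify" against a plaintext or unknown record
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), salt, record["iterations"]
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def record_reveals_password(record: dict, password: str) -> bool:
    """Audit check: does any stored field contain the password verbatim?"""
    return any(isinstance(v, str) and password in v for v in record.values())
```

Because the salt is random, two users with the same password get different hashes, so a leaked table cannot be read off with a single precomputed lookup.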