Facebook is looking down the barrel of a $2.2 billion fine for storing millions of passwords insecurely

Apr 26, 2019, 11:14 IST
  • Europe's default privacy regulator for Facebook will investigate whether Facebook broke the law after the social media company admitted to storing millions of passwords in plain text.
  • Ireland's data protection watchdog said on Thursday it will open a 'statutory inquiry' into whether Facebook broke Europe's strict privacy laws, the GDPR.
  • Facebook said in March it hadn't found any evidence of misuse.

Facebook is facing a multi-billion dollar fine for accidentally storing millions of people's passwords in plain text.

Ireland's Data Protection Commission (DPC), which is the default privacy regulator for Facebook in Europe, said on Thursday it had launched a "statutory inquiry" into the social network after it admitted to the error.

The news of a fresh investigation comes a day after Facebook announced, during its first quarter 2019 earnings call, that it would be setting aside $3 billion to cover the costs of a privacy investigation launched by US regulators.

Facebook said in March that it had stored hundreds of millions of users' passwords in an unencrypted format for years, meaning employees with access to its systems could simply look at people's passwords. Around 20,000 workers were thought to be able to access the passwords, although Facebook said it hadn't found any evidence of misuse.

The DPC published a statement on Thursday saying it would investigate Facebook to see if it had breached Europe's strict privacy laws, the GDPR.

It said: "The Data Protection Commission was notified by Facebook that it had discovered that hundreds of millions of user passwords, relating to users of Facebook, Facebook Lite and Instagram, were stored by Facebook in plain text format in its internal servers. We have this week commenced a statutory inquiry in relation to this issue to determine whether Facebook has complied with its obligations under relevant provisions of the GDPR."

A company that breaches the GDPR, which was introduced last May, can be fined up to €20 million, or 4% of global annual turnover, whichever is the bigger number. In Facebook's case, that would equate to around $2.2 billion.

Facebook said it would work with the regulator on its investigation.

A spokesperson said: "We are working with the IDPC on their inquiry. There is no evidence that these internally stored passwords were abused or improperly accessed."

Correction: An earlier version of this article incorrectly stated that the DPC is investigating Facebook's harvesting of email contacts.