In 2019, Meta faced a password storage lapse in which hundreds of millions of Facebook, Facebook Lite, and Instagram passwords were stored unprotected in plaintext on internal platforms. This lapse in data protection led to a substantial fine of €91 million from the Irish Data Protection Commission for violating the EU's General Data Protection Regulation. The exposure of such sensitive data posed a significant risk of abuse and unauthorized access to users' social media accounts, undermining user privacy and security.
Source: https://www.wired.com/story/nist-password-guidance-improvements/
TPRM report: https://scoringcyber.rankiteo.com/company/meta
"id": "met000092924",
"linkid": "meta",
"type": "Vulnerability",
"date": "9/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Hundreds of millions',
                        'industry': 'Social Media',
                        'name': 'Meta',
                        'type': 'Company'}],
 'attack_vector': 'Internal Data Handling',
 'data_breach': {'number_of_records_exposed': 'Hundreds of millions',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Passwords'},
 'description': 'In 2019, Meta faced a password storage lapse resulting in '
                'hundreds of millions of Facebook, Facebook Lite, and '
                'Instagram passwords being stored unprotected in plaintext on '
                'internal platforms.',
 'impact': {'brand_reputation_impact': 'Undermining user privacy and security',
            'data_compromised': 'Passwords',
            'financial_loss': '€91 million fine',
            'identity_theft_risk': 'Significant risk of abuse and unauthorized '
                                   'access',
            'legal_liabilities': "Violation of EU's General Data Protection "
                                 'Regulation',
            'systems_affected': 'Internal platforms'},
 'regulatory_compliance': {'fines_imposed': '€91 million',
                           'regulations_violated': "EU's General Data "
                                                   'Protection Regulation'},
 'title': 'Meta Password Storage Lapse',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Unprotected plaintext password storage'}