Excerpt from The Hacker News article, published on Dec 18, 2024.

Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been slapped with a €251 million ($263 million) fine by the Irish Data Protection Commission (DPC) over a 2018 data breach that impacted millions of users worldwide. The breach affected approximately 29 million Facebook accounts, including 3 million within the European Union and European Economic Area (EEA). The fine is a significant financial penalty for Meta over its non-compliance with stringent privacy laws under the General Data Protection Regulation (GDPR).

The breach was caused by a vulnerability in Facebook’s “View As” feature, which was introduced in July 2017. This flaw allowed cybercriminals to exploit the system and obtain access tokens that enabled unauthorized access to user accounts. While Meta initially reported that 50 million accounts were affected, further investigation revealed that around 29 million accounts were actually compromised. The compromised data included sensitive personal information such as users’ names, email addresses, phone numbers, locations, dates of birth, and even personal posts.

The DPC’s fine was issued after Meta failed to comply with several GDPR regulations, including not providing sufficient details in its breach notifications, neglecting to properly document the incident and remediation steps, and failing to ensure data protection principles were integrated into its systems from the outset. The breach exposed users to serious risks, including the potential misuse of their personal data.

This fine represents the second penalty Meta has faced from the DPC, following a €91 million fine in September 2024 for a separate security issue. Meta is also involved in an AU$50 million ($31.5 million) settlement with the Australian Information Commissioner related to the 2018 Cambridge Analytica scandal, further highlighting the ongoing scrutiny over its handling of user data.

These actions underscore the growing regulatory pressure on tech giants to prioritize user privacy and comply with data protection laws globally.

To delve deeper into this topic, please read the full article on The Hacker News.