Meta Fined €265M for Leak of Half a Billion Facebook Users
Read also: Spanish police detain fraudsters who stole €12M via fake bank sites, Sony and Lexar-trusted encryption provider has leaked critical business data since May 2021, and more
Thursday, December 1, 2022
Australia increases fines for privacy breaches to AU$50M
Following a series of high-profile security breaches at Australian firms (Optus, Medibank, and others) the Australian authorities have passed a new privacy bill that significantly increases fines against companies for privacy breaches.
The Privacy Legislation Amendment Bill 2022 amends the Privacy Act of 1988 to increase data breach fines to up to AU$50 million, or 30% of adjusted quarterly turnover, or three times the value of any benefit obtained through the misuse of information - whichever is greater. The current fine scheme under The Privacy Act 1988 carries a maximum penalty of AU$2.22 million.
LastPass reveals a new data breach
LastPass, a company behind the popular password manager with over 25 million users, said that malicious actors gained access to a third-party cloud storage service shared by both LastPass and its affiliate GoTo using information stolen in the August 2022 breach, and accessed “certain elements of our customers.”
The company didn’t share what data and how many customers were impacted by the breach, but said that customers’ password were not affected.
Meta fined €265M for the 2021 leak of 533M Facebook users
Ireland’s data privacy regulator has imposed a €265 fine on Meta, the owner of Facebook and Instagram, for its failure to prevent a massive Facebook data breach that took place in 2021.
The data privacy regulator launched an investigation into whether Facebook complied with Europe’s General Data Protection Regulation (GDPR) rules in April 2021 following a massive leak of the phone numbers and private data belonging to 533 million Facebook users. At the time, Meta said the threat actors stole the information using a vulnerability that was addressed in 2019, and that this was the same data involved in a prior leak reported in January 2021.
In September 2022, Meta was fined €405 million over Instagram’s handling of children’s data, the second-largest GDPR fine to date. A year ago, Ireland's data watchdog imposed a hefty €225 million fine on WhatsApp for breaching privacy regulations.
Spanish police detain fraudsters who stole €12M via fake bank sites
Spain’s police have arrested six alleged members of a cyber crime group that scammed over €12 million from more than 300 victims across Europe through a network of fake websites that impersonated legitimate bank and cryptocurrency platforms.
Victims arrived on fake websites through links embedded in phishing emails. The sites were used to trick visitors into making deposits, which were sent to the group’s bank accounts. The scammers then proceeded to launder the stolen money through accounts at Spanish banks before the funds were transferred overseas.
In related news, Europol took down more than 12,000 websites that offered counterfeit goods and pirated content.
Sony and Lexar-trusted encryption provider has leaked critical business data since May 2021
ENC Security, a Netherlands-based company, which provides encryption software, has been found leaking sensitive business data for more than a year. The researchers discovered that a misconfigured server that belonged to ENC Security exposed a wealth of customer data, including SMTP (Simple Mail Transfer Protocol) credentials for sales channels, Adyen keys, Mailchimp API keys, licensing payment API keys, HMAC message authentication codes, and public and private keys stored in .pem format.
The data was exposed from May 2021 up to November 9, 2022 when the leaky server was secured after the company learned of the issue.
ENC Security said that the breach affected less than 1% of its customers, and that it found no evidence that the exposed data was accessed by malicious actors.
What’s next:
- Follow ImmuniWeb on Twitter and LinkedIn
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law. 
