Meta slapped with €251M fine by Ireland for the 2018 data breach incident

Social media and tech giant Meta (NASDAQ:META) has been fined 251M euros by Ireland for a data breach from 2018 that impacted 29M Facebook accounts globally, including 3M accounts in the Eurozone region.

The Irish Data Protection Commission issued its final decisions and fined the company after two inquiries into Meta’s unit in Ireland, following the data breach in September 2018.

A glitch in Facebook’s “View As” feature—which allows people to see their own Facebook page as it would be seen by another user—allowed users to invoke the video uploader in conjunction with Facebook’s “Happy Birthday Composer” facility, the Irish agency said.

The agency said the video uploader would then generate a fully permissioned user token that gave them full access to the Facebook profile of that other user. A user could then use that token to exploit the same combination of features on other accounts, allowing them to access multiple users’ profiles and the data accessible through them.

The categories of personal data affected included user’s full name, email address, phone number, location, place of work, date of birth, religion, gender, posts on timelines, groups of which a user was a member, and children’s personal data, the agency said.

The breach was remedied by Meta’s Irish unit and its U.S. parent shortly after its discovery, the agency said.