>for inadvertently storing some users' passwords without protection or encryption.
The egregious nature of the issue seems to undermine any measures they may have done to retroactively fix it.
A first-year CS student could tell you this is a fundamentally bad idea. For a FANG company this is inexcusable. Fine is justified.
A company of such size will have to disclose it purely because if an employee left and blew a whistle -- the fine would have been much more. They cut their losses and will accept responsibility.
I complained at a US-based company I worked for after discovering plain text passwords, nobody seemed to care, including the other programmers. I complained louder and we half-fixed it by removing the plain text passwords from the test database every person in the company had access to, but the plain text passwords were still used in production. There were millions of them, all US customers; if you're someone who eats fast food in the US, there's a chance your password was in there.
Everyone was really busy working on the new layout our UI designer had come up with, so nobody gave a shit about the plain text passwords.
I can only guess they're still doing this, but don't know for sure because I was fired a little while later for being a poor culture fit. They don't do business in EU.
It was probably accidentally logged somewhere in a rare circumstance, not by design in the actual password database. These companies are not quite that incompetent.