ossf · david-a-wheeler · Dec 10, 2024 · Dec 10, 2024
diff --git a/secure_software_development_fundamentals.md b/secure_software_development_fundamentals.md
@@ -4924,7 +4924,7 @@ Also, beware of implementing these algorithms only on the client side. It is fin
 > 😱 STORY TIME: Ashley Madison data breach
 > Ashley Madison is a Canadian commercial online dating service founded in 2002 and marketed as enabling cheating on romantic partners. In 2015 attackers stole its customer data. Many issues were revealed at that point; we will focus on one here. Ashley Madison had correctly used the **bcrypt** routine to store user passwords. Unfortunately, in many cases they had *also* stored passwords encoded using the **MD5** hashing algorithm, which is not an appropriate algorithm for storing passwords (as noted above). Attackers used these unprotected MD5 password hashes to decipher more than 11 million of these accounts' passwords in just 10 days, enabling them to log into those accounts (["Once seen as bulletproof, 11 million+ Ashley Madison passwords already cracked" by Dan Goodin, 2015](https://arstechnica.com/information-technology/2015/09/once-seen-as-bulletproof-11-million-ashley-madison-passwords-already-cracked/)).
 
-> 😱 STORY TIME: Meta fined 91 million Euros for plaintext passwords
+> 😱 STORY TIME: Meta fined for plaintext passwords
 > Meta was fined 91 million Euros (USD $102 million) in 2024 for storing passwords in plain text.
 (["Meta Fined $102M for Storing Facebook Passwords in Plain Text" by Katie Collins, 2024-09-27](https://www.cnet.com/tech/services-and-software/meta-fined-102m-for-storing-facebook-passwords-in-plain-text/)]