The EU’s industry watchdog has fined social media giant Meta Platforms €91 million for inadvertently storing users’ passwords in plaintext. This issue came to light around five years ago, when Meta notified the Irish Data Protection Commission (DPC) that some users’ passwords were stored in plaintext. The investigation confirmed that no third parties had accessed the user data during this period.
Immediate Action Taken by Meta
Graham Doyle, the deputy head of the DPC, emphasized that storing passwords in plaintext is unacceptable due to the potential risks if third parties gain access. A Meta spokesperson stated that the company took immediate action to address the issue after identifying it during a security review in 2019. The spokesperson also noted there was no evidence of misuse or unauthorized access to the passwords. Meta worked constructively with the DPC throughout the investigation process.
Meta’s History of GDPR Fines
The DPC plays a significant role as a key regulator in the European Union, notes NIXSolutions. To date, Meta has faced fines totaling €2.5 billion for violations of the General Data Protection Regulation (GDPR), which was implemented in 2018. In 2023, Meta received a record €1.2 billion fine, which the company is still attempting to challenge. We’ll keep you updated as the situation develops.