The lead European Union privacy regulator has fined social media giant Meta 91 million euros ($101.5 million) for inadvertently storing some users’ passwords without protection.
The inquiry was opened five years ago after Meta notified Ireland’s Data Protection Commission (DPC) that it had stored some passwords in ‘plaintext’.
“It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data,” Irish DPC Deputy Commissioner Graham Doyle said in a statement.
Read more: Meta AI introduces high-quality photo editing through voice command features on WhatsApp
What did Meta say about this?
A Meta spokesperson claimed the company took immediate action to fix the error after identifying it during a security review in 2019, and that there is no evidence the passwords were abused or accessed improperly.
Meta engaged constructively with the DPC throughout the inquiry, the spokesperson added.
The DPC is the lead EU regulator for most of the top US internet firms due to the location of their EU operations in the country.
It has so far fined Meta a total of 2.5 billion euros for breaches under the bloc’s General Data Protection Regulation’s (GDPR), introduced in 2018, including a record 1.2 billion euro fine in 2023 that Meta is appealing.
