Social media giant Meta has been hit with a hefty fine of $101.5 million by the European Union’s data privacy regulator for storing user passwords. This fine comes from the Irish Data Protection Commission (DPC), which penalized Meta for storing some users’ passwords without proper encryption or security measures. The news was reported by Reuters and The Independent.
Reports indicate that Meta had stored the passwords of certain users in “plain text” format, without any form of encryption. This issue was brought to the attention of the Irish DPC five years ago, leading to a formal investigation into the matter.
At the time, Meta publicly acknowledged the issue, confirming that the passwords had not been accessed by any third parties.
A Meta spokesperson stated that the issue was identified during a 2019 security review, and corrective actions were promptly taken. The spokesperson also emphasized that there was no evidence that the stored passwords were misused or improperly accessed.
