EU privacy regulator imposes a fine of 91 million euros on Meta for password storage

The European Union’s leading privacy regulator on Friday fined social media giant Meta 91 million euros ($101.5 million) for accidentally storing some users’ passwords without protection or encryption.

The investigation was opened five years ago after Meta notified the Irish Data Protection Commission (DPC) that it had stored some passwords in plaintext. Meta publicly acknowledged the incident at the time and the DPC said the passwords had not been made available to outside parties.

“It is generally accepted that user passwords should not be stored in plaintext, given the risks of misuse posed by individuals accessing such data,” Irish DPC Deputy Commissioner Graham Doyle said in a statement.

A spokesperson for Meta said the company took immediate action to fix the flaw after identifying it during a security review in 2019, and that there is no evidence the passwords have been misused or used incorrectly.

Meta has worked constructively with the DPC throughout the investigation, the spokesperson added in a statement on Friday.

The DPC is the lead EU regulator for most of the top US internet companies due to the location of their EU operations in the country.

It has so far fined Meta a total of €2.5 billion for breaches of the General Data Protection Regulation (GDPR), introduced in 2018, including a record fine of €1.2 billion in 2023 that Meta is appealing.

© Thomson Reuters 2024

(This story has not been edited by NDTV staff and is auto-generated from a syndicated feed.)