Meta has been fined €91 million ($101 million) by the Irish Data Protection Commission (DPC) for failing to secure hundreds of millions of user passwords, which it stored in plaintext rather than in encrypted form. The breach, discovered by Meta in 2019, exposed the passwords internally within the company’s systems, though Meta claimed there was no evidence of misuse.
The DPC’s five-year investigation concluded that Meta violated several provisions of the EU’s General Data Protection Regulation (GDPR), including failing to implement adequate technical measures to protect sensitive data and not reporting the breach to the regulatory body. The breach affected Facebook and Instagram users, but it remains unclear why Meta’s standard cryptographic protections, such as hashing and salting, were not applied in this instance.
Despite Meta’s reassurances that the passwords were only accessible within the company and no external parties accessed them, the DPC determined that the company failed to safeguard the data adequately. Deputy Commissioner Graham Doyle emphasized the significance of this failure, noting that “passwords are particularly sensitive, as they would enable access to users’ social media accounts.”
Meta, which did not provide an immediate response to the ruling, was reprimanded in addition to the substantial fine. While the full decision has yet to be released, the DPC’s announcement highlighted that other EU authorities agreed with the decision.
This fine is part of a growing list of privacy- and security-related penalties levied against Meta, as regulators around the world continue to scrutinize the company’s handling of user data. The incident serves as a reminder of the importance of following established data protection protocols, especially given the sensitive nature of passwords in securing online accounts.

