The EU industry regulator has fined social media giant Meta✴ Platforms €91 million for unintentionally storing user passwords in clear text. The investigation into the incident began about five years ago when Meta✴ notified the Irish Data Protection Commission (DPC) that it was storing some users’ passwords in unencrypted form. During the investigation, it was determined that third parties did not have access to user data.
«There is widespread agreement that user passwords should not be stored in clear text, given the risks of abuse arising from third party access to such data,” DPC deputy head Graham Doyle said in a statement.
A Meta✴ representative said that the company immediately took the necessary measures to correct the situation as soon as the incident was identified during the security audit process in 2019. He also added that there is no evidence that the passwords were misused or that anyone had unauthorized access to them. Meta✴ noted that the company interacted constructively with the DPC throughout the investigation.
Let us remind you that the DPC is one of the main industry regulators of the European Union. To date, the agency has fined Meta✴ a total of €2.5 billion for violating the requirements of the General Data Protection Regulation (GDPR), which came into force in 2018. Meta✴ was fined a record €1.2 billion in 2023, but the company is still fighting the fine.