Meta Faces Hefty $101.6 Million Fine for Facebook Password Security Lapse

London: In a significant blow to Meta, the European Union’s privacy watchdog has imposed a substantial fine of 91 million euros ($101.6 million) on the tech giant for a security lapse involving Facebook users’ passwords. The Irish Data Protection Commission (DPC) announced the penalty on Friday, highlighting serious concerns over Meta’s handling of sensitive user data.

The investigation began in 2019 when Meta, then known as Facebook, notified the DPC that it had inadvertently stored the passwords of hundreds of millions of Facebook users in plaintext, without encryption. This oversight meant that the passwords were easily accessible to Facebook employees, posing a significant security risk.

Deputy Commissioner Graham Doyle emphasized the gravity of the situation, stating, “It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data.”

In response to the fine, Meta acknowledged the error, explaining that the issue was discovered during a routine security review. The company asserted that immediate action was taken to rectify the problem and assured that there was no evidence of the passwords being misused or accessed inappropriately.

This latest fine adds to a series of penalties Meta has faced for privacy violations. Previously, Instagram was fined 405 million euros for mishandling teenagers’ data, WhatsApp received a 5.5 million euro penalty, and Meta was hit with a 1.2 billion euro fine for transatlantic data transfers.

Meta’s ongoing challenges with data privacy underscore the importance of stringent security measures and compliance with regulatory standards to protect user information.
