Meta has had its wrists slapped with a fine worth more than €91 million over a security leak involving millions of Facebook users’ passwords.
The Irish Data Protection Commission fined Meta, the parent company of Facebook and Instagram, following its investigation into the 2019 leak, in which it was discovered that users’ passwords had been stored in a plain text format without legally mandated encryption. Simply put, it was possible to read people’s passwords directly on the screen.
Graham Doyle, the Deputy Commissioner, said, ‘It is widely accepted that user passwords should not be stored in plain text, considering the risks of abuse.’ Meta said a security review found that a ‘subset’ of Facebook users’ passwords were ‘temporarily logged in an easily readable format.’
Litany of data-protection related sanctions
‘We took immediate action to fix this error, and there is no evidence that these passwords were abused or accessed improperly,’ read an official statement from Meta. ‘We proactively flagged this issue to our lead regulator, the Irish Data Protection Commission, and have engaged constructively with them throughout this inquiry.’
The fine is the latest in a litany of data-protection related sanctions Meta has paid in the EU in recent years. Social media tycoon Mark Zuckerberg’s company has received fines for data breaches in 2022, a lack of child safety privacy settings on Instagram in 2023, illegal data scraping in 2022, its advertisement practices in 2023, and a whopping €1.2 billion in 2023 for the unlawful transfer of EU citizens’ data to US servers.