The European Union’s chief privacy authority imposed a fine of 91 million euros (approximately $101.5 million) on Meta, the parent company of Facebook, on Friday. The penalty was issued due to the company’s failure to securely store certain users’ passwords.
The investigation behind the fine commenced five years ago after Meta informed Ireland’s Data Protection Commission (DPC) that it had retained a number of passwords in an unprotected format, known as ‘plaintext.’ At the time, Meta openly acknowledged the situation, and the DPC clarified that the vulnerable passwords had not been exposed to outside parties.
Deputy Commissioner Graham Doyle of the DPC emphasized in a statement that there is a general consensus on the need to avoid storing user passwords in plaintext due to the significant risk of misuse posed by unauthorized access to such data.
In response, a representative from Meta stated that the company took prompt measures to rectify the issue once it was discovered during a security audit in 2019. The spokesperson insisted that there is no indication that the compromised passwords were accessed or exploited improperly.
The spokesperson further noted that Meta had maintained a cooperative relationship with the DPC throughout the investigative process.
As the lead regulatory body for major U.S. internet companies operating in the EU, the DPC has imposed sanctions totaling 2.5 billion euros against Meta for various violations under the General Data Protection Regulation (GDPR), which took effect in 2018. Among these, a record fine of 1.2 billion euros was issued in 2023, which Meta is currently contesting.
© Thomson Reuters 2024