The European Union’s primary privacy regulator has imposed a fine of 91 million euros ($101.5 million) on Meta for the improper handling of user passwords. The penalty was announced on Friday following an investigation into the company’s security practices.
The inquiry, which began five years ago, was triggered by Meta’s notification to Ireland’s Data Protection Commission (DPC) that it had stored some user passwords in ‘plaintext’ format. At that time, Meta publicly acknowledged the issue and gave assurances that the passwords had not been accessed by any unauthorized third parties.
Irish DPC Deputy Commissioner Graham Doyle emphasized the importance of secure password storage, stating, “It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data.”
A representative for Meta indicated that the company took swift action to rectify the oversight once it was discovered during a security review in 2019. They also noted that there is no evidence suggesting that the passwords were misused or improperly accessed.
The spokesperson further mentioned that Meta has engaged constructively with the DPC throughout the duration of the inquiry.
The DPC serves as the lead regulator for many major U.S. tech companies operating in Europe because their headquarters are based in Ireland.
To date, the DPC has fined Meta a total of 2.5 billion euros for violations of the EU’s General Data Protection Regulation (GDPR), which was enacted in 2018. This includes a record 1.2 billion euro fine issued in 2023, which Meta is currently appealing.
© Thomson Reuters 2024