EU hits Meta with $102 mn privacy fine over 2019 password security lapse
Meta was punished Friday with a fine worth more than USD 100 million from the social media giant's European Union privacy regulator over a security lapse involving passwords for Facebook users.
The Irish Data Protection Commission said it slapped the US tech company with the 91 million euro (USD 101.6 million) penalty following an investigation.
The watchdog started investigating in 2019 after it was notified by Meta that some passwords had been inadvertently stored internally in plain text, which means they weren't encrypted and it was possible for employees to search for them.
Deputy Commissioner Graham Doyle said it's widely accepted that user passwords should not be stored in plain text, "considering the risks of abuse.
Meta said a security review found that a subset of Facebook users' passwords were temporarily logged in a readable format.
We took immediate action to fix this error, and there is no evidence that these passwords were abused or accessed improperly, the company