Meta hit with $102 million privacy fine from European Union over 2019 password security lapse
LONDON (AP) — Meta was punished Friday with a fine worth more than $100 million from the social media giant’s European Union privacy regulator over a security lapse involving passwords for Facebook users.
The Irish Data Protection Commission said it slapped the U.S. tech company with the 91 million euro ($101.6 million) penalty following an investigation.
The watchdog started investigating in 2019 after it was notified by Meta that some passwords had been inadvertently stored internally in plain text, which means they weren’t encrypted and it was possible for employees to search for them.
Deputy Commissioner Graham Doyle said it’s “widely accepted” that user passwords should not be stored in plain text, “considering the risks of abuse.”
Meta said a security review found that a “subset” of Facebook users’ passwords were “temporarily logged in a readable format.”
“We took immediate action to fix this error, and there is no evidence that these passwords were abused or accessed improperly,” the company said in a statement. “We proactively flagged this issue to our lead regulator, the Irish Data Protection Commission, and have engaged constructively with them throughout this inquiry.”