Published 18:36 IST, September 27th 2024
Meta hit with $102 million privacy fine from European Union over 2019 password security lapse
A Meta spokesperson said a security review found that a “subset” of Facebook users' passwords were “temporarily logged in a readable format.”
Meta was slapped with a fine worth more than $100 million (EUR 91 million) from the lead European Union privacy regulator on Friday for inadvertently storing some users' passwords without protection or encryption. The inquiry was opened five years ago after Meta notified Ireland's Data Protection Commission (DPC) that it had stored some passwords in 'plaintext'. Meta publicly acknowledged the incident at the time and the DPC said the passwords were not made available to external parties.
"It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data," Irish DPC Deputy Commissioner Graham Doyle said in a statement.
A Meta spokesperson said a security review found that a “subset” of Facebook users' passwords were “temporarily logged in a readable format.” The Mark Zuckerberg-led company said it took immediate action to fix the error after identifying it during a security review in 2019, and that there is no evidence the passwords were abused or accessed improperly.
“We took immediate action to fix this error, and there is no evidence that these passwords were abused or accessed improperly,” the company said in a statement. "We proactively flagged this issue to our lead regulator, the Irish Data Protection Commission, and have engaged constructively with them throughout this inquiry.”
Meta engaged constructively with the DPC throughout the inquiry, the spokesperson added in a statement on Friday. The DPC is the lead EU regulator for most of the top U.S. internet firms due to the location of their EU operations in the country.
It has so far fined Meta a total of 2.5 billion euros for breaches under the bloc's General Data Protection Regulation's (GDPR), introduced in 2018, including a record 1.2 billion euro fine in 2023 that Meta is appealing. Meta's Instagram also faced a fine of EUR 405 million over mishandling data of teenage users, while WhatsApp was punished with a fine of EUR 5.5 million.
Written with agency inputs
Updated 18:36 IST, September 27th 2024