EU Privacy Watchdog Slaps Meta with $100 Million Fine Over Password Storage
The European Union’s privacy regulator has imposed a hefty fine of over $100 million on Meta, the parent company of Facebook, following an investigation into a password storage issue. The Irish Data Protection Commission, which oversees Meta’s operations in Europe, announced the penalty on Thursday.
The investigation, which began in 2019 after Meta self-reported the problem, revealed that user passwords were being stored in plain text format, making them potentially searchable by employees. Deputy Commissioner Graham Doyle emphasized the significant risk associated with storing passwords in this manner.
Meta’s internal security review uncovered that a subset of passwords had been temporarily logged in a readable format. The company stated that it took immediate action to rectify the error upon discovery. Despite the potential vulnerability, Meta reported no evidence of password abuse or improper access by employees.
The tech giant proactively reported the issue to the Irish Data Protection Commission and has reportedly engaged constructively with the regulator throughout the inquiry process.
This latest fine adds to a series of substantial penalties imposed on Meta by the Dublin-based watchdog. Previous fines include a 405 million euro penalty for Instagram’s mishandling of teen data, a 5.5 million euro fine involving WhatsApp, and a staggering 1.2 billion euro penalty related to transatlantic data transfers.
The repeated sanctions underscore the increasing scrutiny faced by tech giants in Europe as regulators seek to enforce stringent data protection laws and safeguard user privacy.