EU Commission Penalizes Meta 91 Million Euros Over Password Storage

EU Commission Penalizes Meta 91 Million Euros Over Password Storage

The inquiry on the matter began five years ago

The European Data Protection Commission (EDPC) has penalized Meta 91 million euros ($101.5 million) for inadvertently storing some users' passwords without protection or encryption.

The social media company had notified Ireland's Data Protection Commission (DPC) that it had stored some passwords in 'plaintext'. It publicly acknowledged the incident and the DPC said the passwords were not made available to external parties and began an inquiry.

In a statement, Graham Doyle, DPC deputy commissioner stated, "It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data.”

The DPC is the lead privacy regulator for most of the top US internet firms due to the location of their EU operations in the country.

Until now, it has fined Meta 2.5 billion euros for breaches under the bloc's General Data Protection Regulation (GDPR), introduced in 2018. This includes a 1.2 billion euro fine in 2023 that Meta has appealed.