Irish Data Protection Commission (DPC) has fined Facebook parent company Meta €91m (£75m) following an investigation into the storage of passwords.
According to BBC report, an inquiry was launched in April 2019 after Meta notified the DPC that it had inadvertently stored certain passwords of social media users on its internal systems without encryption.
Following the investigations, DPC stated that Meta has violated four of the General Data Protection Regulation (GDPR).
The deputy commissioner of DPC, Graham Doyle, stated: “It is widely accepted that user passwords should not be stored in ‘plaintext’ considering the risks of abuse that arise from persons accessing such data.
“It must be borne in mind, that the passwords the subject of consideration in this case are particularly sensitive, as they would enable access to users’ social media accounts.” he added.
The decision, which was made by the commissioners for data protection, Dr Des Hogan and Dale Sunderland, and notified to Meta on 26 September, includes a reprimand and a fine.
In May 2023, Meta was fined €1.2bn (£1bn) for mishandling data when transferring it between Europe and the United States.
Also, in 2022, Meta was fined €265m (£220m) after data from 533m people in 106 countries was published on a hacking forum having been “scraped” from Facebook years earlier.
