Meta has been fined $102m by the Irish DPC for not encrypting user passwords, marking another penalty for the company under the EU’s privacy regulations.
According to ABC News, the DPC’s investigation, initiated in 2019, revealed that Meta had inadvertently stored a “subset” of Facebook users’ passwords in plain text, making them accessible to employees. This breach of security protocols led to the hefty fine, as storing passwords in plain text is widely regarded as a neglect of basic security measures.
Deputy Commissioner Graham Doyle emphasised the importance of encrypting passwords to prevent abuse, a standard practice in safeguarding user information. Despite this lapse, Meta reported that it found no evidence of misuse or improper access to the passwords. The company responded swiftly to the incident, rectifying the error and maintaining ongoing communication with the DPC throughout the investigation.
This fine adds to a series of penalties imposed on Meta by the DPC, including previous fines for issues related to data mishandling across its platforms such as Instagram and WhatsApp.
Copyright © 2024 RegTech Analyst
Copyright © 2018 RegTech Analyst