What Happened
Meta has been fined €91 million ($101 million) for storing hundreds of millions of user passwords in plaintext on its internal systems.
This incident, discovered in 2019, was a significant security failure because the passwords were stored without encryption, though Meta stressed that they were exposed only internally.
After a five-year investigation, the Irish Data Protection Commission (DPC) found that Meta had breached the GDPR by failing to protect user data and failing to notify the DPC promptly about the breach.
Meta typically uses cryptographic techniques to secure passwords, but it’s unclear why these protections were not applied to Facebook and Instagram passwords in this case.
Why It Matters
This case highlights the critical importance of data security, especially for sensitive information like passwords, and serves as a reminder that even tech giants like Meta can face severe consequences for failing to comply with GDPR.