Meta, the parent company of Facebook, has been fined €91 million by the Irish Data Protection Commission (DPC) after an investigation revealed improper storage of user passwords. The probe, which began in April 2019, was launched after Meta informed the DPC that some social media users' passwords had been inadvertently stored on its internal systems without encryption.
In June 2024, the DPC submitted a draft decision to other European data protection authorities, none of which raised objections. Meta was found to have violated four provisions of the General Data Protection Regulation (GDPR).
DPC deputy commissioner Graham Doyle commented on the severity of the issue, saying, "It is widely accepted that user passwords should not be stored in 'plaintext' due to the risk of misuse by unauthorized individuals." He further emphasized the sensitive nature of the passwords, as they could grant access to users’ social media accounts.
The decision, delivered by data protection commissioners Dr. Des Hogan and Dale Sunderland on September 26, included both a reprimand and the €91 million fine.
This is not the first time Meta has faced fines from the DPC. In May 2023, the company was fined a record-breaking €1.2 billion for mishandling data transfers between Europe and the United States. In 2022, Meta was also fined €265 million after data from 533 million users across 106 countries was leaked on a hacking forum, having been scraped from Facebook years earlier.
No comments:
Post a Comment