Saturday, September 28, 2024 – Facebook's parent company, Meta, has been fined €91m by the Irish Data Protection Commission (DPC) following an investigation into the storage of passwords.
An inquiry was launched in April 2019 after Meta notified
the DPC that it had inadvertently stored certain passwords of social media
users on its internal systems without encryption.
The DPC submitted a draft decision to other European data
watchdogs in June 2024.
No objections were raised by the other authorities.
Meta has been found to have four breaches of the General
Data Protection Regulation (GDPR).
DPC deputy commissioner Graham Doyle said: "It is
widely accepted that user passwords should not be stored in 'plaintext'
considering the risks of abuse that arise from persons accessing such data.
"It must be borne in mind, that the passwords the
subject of consideration in this case are particularly sensitive, as they would
enable access to users’ social media accounts," he added.
The decision, which was made by the commissioners for data
protection, Dr Des Hogan and Dale Sunderland, and notified to Meta on 26
September, includes a reprimand and a fine.
In May 2023, Meta was fined €1.2bn for mishandling
data when transferring it between Europe and the United States.
That fine was also issued by Ireland's DPC; the largest fine
imposed under the EU's GDPR privacy law.
In 2022, Meta was fined €265m after data from 533m
people in 106 countries was published on a hacking forum having been
"scraped" from Facebook years earlier.
0 Comments