12:52
11:39
13:16
09:59
14:15
10:28
12:52
11:39
13:16
09:59
14:15
10:28
12:52
11:39
13:16
09:59
14:15
10:28
12:52
11:39
13:16
09:59
14:15
10:28
Meta has been fined $101.5 million (€91 million) by the Irish Data Protection Commission (DPC) after an investigation revealed the company had stored millions of user passwords in plain text on its servers, violating several GDPR regulations.
The breach, which first came to light in 2019, involved passwords stored in a readable format since 2012, accessible to over 20,000 Facebook employees but not external parties.
The DPC found that Meta failed to promptly notify authorities of the breach and did not use appropriate security measures to protect user data. The company also did not adequately document the incident. While Meta did not disclose the number of affected accounts, internal sources suggested up to 600 million passwords may have been involved.
In addition to the financial penalty, the DPC issued a formal reprimand to Meta, and further details of the decision are expected to be released in the coming months.