EU privacy regulator fines Meta €91m for storing passwords By Reuters

DUBLIN (Reuters) – The European Union’s top privacy regulator fined social media giant Meta (NASDAQ: ) 91 million euros ($101.5 million) on Friday for accidentally storing unprotected users’ passwords or encryption.

The investigation was opened five years ago after Meta notified Ireland’s Data Protection Commission (DPC) that it stored some passwords in “plain text”. Meta publicly acknowledged the incident at the time, and the DPC said the passwords were not made available to outside parties.

“It is widely accepted that user passwords should not be stored in plain text, given the risks of abuse that arise from individuals accessing such data,” Irish DPC Deputy Commissioner Graham Doyle said in a communicated.

The DPC is the main EU regulator for most of the top US internet firms due to the location of their EU operations in the country.

It has so far fined Meta a total of €2.5 billion for breaches of the General Data Protection Regulation (GDPR), introduced in 2018, including a record fine of €1.2 billion in 2023, which Meta call.

(1 USD = 0.8966 euros)