Meta Faces $101 Million Fine for Storing Facebook and Instagram Passwords in Plaintext

Meta is facing a $101 million fine for a 2019 incident in which the company inadvertently stored Facebook passwords in plaintext rather than encrypting them. These passwords were kept on internal servers, to which as many as 20,000 Facebook employees had access, potentially allowing them to bypass company protocols and access user accounts. Additionally, Meta later discovered it had also stored millions of Instagram users’ passwords in plaintext. The company publicly disclosed the issue and committed to strengthening its security practices.

Despite Meta’s response, Ireland’s Data Protection Commission concluded that the company violated the European Union’s GDPR regulations, which mandate the use of appropriate measures to safeguard user passwords. The commission also criticized Meta for failing to notify European regulators about the breach within the required 72-hour window.

Although it’s unclear why the Irish regulator took so long to finalize its decision, the commission announced it will publish the “full Decision and further related information” soon. Meta has not confirmed whether it will pay the fine but stated to PCMag that it acted swiftly to resolve the issue after discovering the plaintext password storage.

In a statement, Meta said, “As part of a security review in 2019, we found that a subset of Facebook users’ passwords were temporarily logged in a readable format within our internal data systems. We took immediate action to fix this error, and there is no evidence that these passwords were abused or accessed improperly. We proactively flagged this issue to our lead regulator, the Irish Data Protection Commission, and have engaged constructively with them throughout this inquiry.”
