Meta Receives $102 Million Fine for Storing Passwords in Plain Text
TL;DR — Quick Answer
Meta stored up to 600 million passwords in plain text for years, earning a $102 million GDPR fine that shows even basic security failures can result in nine-figure penalties.
The Irish Data Protection Commission (DPC) has fined Meta $102 million for a security failure involving the storage of user passwords in unencrypted plain text. The breach affected up to 600 million user passwords, some of which were accessible to over 20,000 employees.
The Breach
The issue was first discovered in 2019, but investigations revealed that some passwords had been stored in plain text since 2012. For years, user credentials that should have been cryptographically hashed were sitting in internal systems without proper protection.
GDPR Violations
The DPC found that Meta violated the GDPR on multiple grounds: failing to promptly notify the authority of the security incident, failing to properly document the breach and its handling, and failing to implement appropriate technical security measures to protect user data. Each of these violations carries its own potential penalties under the regulation.
The Takeaway
This case underscores that even basic security failures -- like not hashing passwords -- can result in nine-figure fines under the GDPR. Organizations of all sizes should audit their data storage practices to ensure fundamental security measures are in place.