Meta Fined $101 Million for Storing Millions of Passwords in Plaintext

Irish Data Protection Commission penalizes Meta after a five-year investigation into the 2019 security lapse involving Facebook passwords.

Meta stored hundreds of millions of user passwords in plaintext, accessible to around 2,000 employees who queried the database over 9 million times.
The security breach, disclosed in 2019, primarily affected Facebook Lite users outside the US, along with millions of Facebook and tens of thousands of Instagram users.
The Irish Data Protection Commission found Meta in violation of multiple GDPR articles for failing to encrypt passwords and not reporting the breach within the required timeframe.
Meta has been fined €91 million ($101 million) and reprimanded for not implementing appropriate security measures to protect user data.
The fine adds to Meta's ongoing GDPR compliance issues, with previous penalties totaling over $2.23 billion.