Data protection breach highlights serious security issues as Meta faces yet another major fine for GDPR violations.
Meta has been fined €91 million for failing to properly secure user passwords in its systems. The social media giant stored account passwords in plain text, a critical security lapse that left sensitive data vulnerable. Following an investigation by the Irish Data Protection Commission (DPC), Meta was found to have violated the General Data Protection Regulation (GDPR) four times, resulting in the hefty fine.
How the Breach Occurred
Meta first notified the DPC in April 2019, acknowledging that it had unintentionally stored users’ social media passwords in unencrypted, plain text form. This method of storage is considered highly insecure because anyone who gains access to the stored data, for example in a cyberattack, can read the passwords and use them directly.
Storing passwords in plain text is widely regarded as a serious oversight, as it exposes users to potential privacy risks. After a detailed inquiry, the DPC determined that Meta had breached several key GDPR guidelines and ordered the company to strengthen its internal security measures.
Meta’s History of GDPR Violations
This isn’t the first time Meta has come under fire for breaching data protection regulations. In fact, the company has faced multiple fines in recent years:
- January 2023: Meta was fined €390 million by the DPC for delivering personalized ads without offering users the ability to opt out, another violation of GDPR.
- May 2023: Meta received the highest-ever GDPR fine of €1.2 billion for transferring EU user data to the U.S. without proper compliance with GDPR laws.
- November 2022: Meta was fined €265 million after data from 533 million Facebook users was leaked online. The information, scraped from Facebook, was shared on a hacking forum, exposing users across 106 countries.
With this latest fine, Meta’s total penalties for GDPR violations have skyrocketed, underscoring the company’s ongoing struggle with data security and privacy regulations.
What Does This Mean for Meta?
The most recent €91 million fine is another blow to Meta, which has long-standing data privacy issues. The company has faced growing criticism over its inability to protect user data, especially in an era where cybersecurity is of utmost importance.
Graham Doyle, Deputy Commissioner at the DPC, commented on the breach, stating, “It is widely accepted that user passwords should not be stored in plain text given the potential risks of abuse.”
Storing passwords in plain text is a significant misstep for any tech company, especially one as large and influential as Meta. Doyle added that user passwords are “particularly sensitive”, as they allow access to personal social media accounts, making it all the more critical to store them securely.

Meta’s Path Forward
The DPC has issued a warning alongside the fine, urging Meta to improve its security structures and ensure compliance with GDPR standards. This means that Meta will need to take immediate action to avoid future violations, especially as data privacy regulations continue to tighten.
For Meta, this latest penalty highlights the urgent need to revisit its internal data protection protocols. As more users become aware of how their information is stored and handled, companies like Meta will be held to higher standards.
The €91 million fine is just one of many fines Meta has faced in recent years. However, this penalty sends a clear message about the importance of data security. For users, it’s a reminder to stay cautious about their online privacy, even when dealing with major tech companies.
As Meta continues to grapple with GDPR compliance, we can expect further scrutiny on how it handles user data in the future. The company must now work quickly to restore trust and ensure that breaches like this don’t happen again.