The European Union’s lead privacy regulator has fined Meta €91 million ($101.5 million) for inadvertently storing users’ passwords in plaintext without proper protection or encryption. The Irish Data Protection Commission (DPC) launched an investigation five years ago after Meta reported the breach.
Meta publicly acknowledged the incident at the time and the DPC said the passwords were not made available to external parties.
The DPC emphasised the risks associated with storing passwords in plaintext, calling it a significant security lapse.
