Facebook parent company Meta has been fined €91m (£75m) by the Irish Data Protection Commission (DPC) following an investigation into the storage of passwords.
An inquiry was launched in April 2019 after Meta notified the DPC that it had inadvertently stored certain passwords of social media users on its internal systems without encryption.
The DPC submitted a draft decision to other European data watchdogs in June 2024.
No objections were raised by the other authorities.
Meta has been found to have four breaches of General Data Protection Regulation (GDPR).
DPC deputy commissioner Graham Doyle said: “It is widely accepted that user passwords should not be stored in ‘plaintext’ considering the risks of abuse that arise from persons accessing such data.
“It must be borne in mind, that the passwords the subject of consideration in this case are particularly sensitive, as they would enable access to users’ social media accounts.” he added.
The decision, which was made by the commissioners for data protection, Dr Des Hogan and Dale Sunderland, and notified to Meta on September 26, includes a reprimand and a fine. (BBC)
