Meta fined for storing millions of Facebook and Instagram passwords in plain text

Meta fined for storing millions of Facebook and Instagram passwords in plain text

The Irish Data Protection Commission announced on Friday that Meta will have to pay a $91 million fine for storing Facebook and Instagram passwords in plain text — meaning without any kind of encryption to protect them. The decision was made after an investigation that began in April 2019 and has spanned the past five years.

According to regulators, the financial penalty responds to the fact that Meta violated multiple articles of the European Union's General Data Protection Regulation (GDPR) by not properly protecting the passwords of hundreds of millions of Facebook and Instagram users.

While $91 million may not seem like a lot for a company of Meta's caliber, it adds to the many other fines Mark Zuckerberg's employees have received in Europe in recent years.

Meta received a record $1.2 billion penalty in May 2023 for improperly using its users’ information to show them personalized ads. But before that, between September 2021 and January 2023, it was penalized on multiple occasions for violating the GDPR, accumulating more than $1 trillion in penalties.

The Facebook and Instagram password storage lapse is yet another chapter in the tense saga shared by Meta and European regulators. Everything suggests that Meta or any other big tech company will not make such a blunder in the future. Although it is clear that storing passwords in plain text was an incredibly egregious mistake even in 2019. A failure that adds several million dollars to the long list of fines that Mark Zuckerberg and company have had to face in recent years.