Meta fined €91 million by Irish Data Protection Commission over major password breach affecting millions

It follows an investigation into Meta inadvertently storing certain user passwords in plaintext on its internal systems, meaning they were not protected by encryption. The issue applied to millions of Facebook and Instagram users

Facebook parent company Meta has been fined €91 million by the Data Protection Commission (DPC).

It follows an investigation into Meta inadvertently storing certain user passwords in plaintext on its internal systems, meaning they were not protected by encryption. The issue applied to millions of Facebook and Instagram users.

Meta Ireland notified the DPC of the breach in March 2019. The passwords were not made available to external parties.

READ MORE: Body found at recycling plant in Dublin as Gardai seal off the scene - Live updates

READ MORE: 24-hour Status Yellow weather warning issued for three counties as flooding possible

The DPC found a range of infringements of GDPR rules, including failing to notify the commissioner of the data breach, failing to document the data breach, not using appropriate security measures to protect the passwords, and not implementing appropriate organisational measures around the confidentiality of the passwords.

Deputy Commissioner Graham Doyle said: “It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data.

“It must be borne in mind that the passwords the subject of consideration in this case are particularly sensitive, as they would enable access to users’ social media accounts.”

Join our new WhatsApp community! Click this link to receive breaking news and the latest headlines direct to your phone. We also treat our community members to special offers, promotions, and adverts from us and our partners. If you don’t like our community, you can check out any time you like. If you’re curious, you can read our Privacy Notice.