Across Facebook and Instagram, Meta has been storing more than half a billion users’ passwords in plain text, with some easily readable for more than a decade.
One of Facebook/Meta’s headquarters
One of Facebook/Meta’s headquarters
The issue was first uncovered in 2019 when Facebook admitted to “hundreds of millions” of passwords being stored unencrypted. Facebook, now Meta, said that the passwords were not available outside of the company — but also admitted that around 2,000 engineers had made about 9 million queries on that user database.
Now Meta’s operation in Ireland has finally been fined $101.5 million after a five-year investigation by the Irish Data Protection Commission (DPC). The fine is levied under Europe’s stringent General Data Protection Regulation (GDPR).