Meta fined 91 million euros for storing passwords – Euractiv FR

In a press release published on Friday September 27, the Irish Data Protection Commission (DPC) fined Meta €91 million for storing “inadvertently” user passwords without cryptographic protection or encryption, closing a five-year-old case.

Meta discovered, during a security review in January 2019, that it had stored the passwords of users of its social networks in clear text, in its internal databases. Which means they were accessible to thousands of employees, affecting millions of users, reported CNN at the time.

The Irish branch of Meta then informed the authorities responsible for regulating the parent company of Facebook and Instagram within the European Union (EU), and the DPC investigation began in April 2019.

The Irish Data Protection Commission submitted its draft decision to other EU and European Economic Area (EEA) authorities in June this year and received no objections.

“It is widely accepted that user passwords should not be stored in plain text, given the risks of abuse that arise from people accessing this data”said Graham Doyle, Deputy Commissioner at the DPC, in a press release.

Meta was therefore found guilty of violating the General Data Protection Regulation (GDPR), in particular for not having secured these passwords and not having notified the regulatory authority.

[Édité par Anna Martino]