When it comes to protecting privacy and not compromising on user data, regulations are taking even more stringent measures with companies and imposing heavy fines in case of violations of the laws. Meta today landed itself in hot waters due to a security lapse that could potentially compromise passwords for Facebook users and is now being charged with a hefty fine over its oversight in such a sensitive matter.
Following an ongoing investigation, Meta has been hit with a $102 Million penalty for violating EU data protection rules
Meta is currently in trouble and is facing a hefty fine of over $100 million (91 million euros) from the Irish Data Protection Commission, which is the EU's privacy regulator, for a security breach involving Facebook users' passwords. The investigation was initiated in 2019 after Meta admitted that it had stored some of the passwords in plaintext and that they were not fully encrypted.
Due to this security lapse, sensitive information was left open for internal employees to access, which constituted a major violation of EU privacy regulations under the General Data Protection Regulation (GDPR). Even though Meta disclosed the information voluntarily and assured that no data was breached, the regulators could still not leave the oversight in the air regarding the potential risk involved.
Deputy Commissioner Graham Doyle said that not storing user passwords in plain text is widely known and accepted due to the potential risk of abuse. Meta mentioned how, after a security review, it was found that a subset of user passwords were in readable format, and the company gave a statement on the issue to bring more clarity to it:
We took immediate action to fix this error, and there is no evidence that these passwords were abused or accessed improperly. We proactively flagged this issue to our lead regulator, the Irish Data Protection Commission, and have engaged constructively with them throughout this inquiry.
While the fine levied on the company today is huge, it is not the first time Meta has been hit with heavy penalties. It had previously faced trouble for mishandling minors' data on Instagram and for its data transfer practices as well. Since Meta's European headquarters are in Ireland, the Irish DPC is adamant about ensuring Meta complies with the GDPR and does not violate any rules and regulations.
Follow Wccftech on Google to get more of our news coverage in your feeds.
