Official announcements from Meta, security audits, or third-party reports

Meta Ireland Fined €91 Million ($102M) by Irish Data Protection Commission for Password Storage Lapse

Sep 27, 2024, 12:20 PM

Meta, the parent company of Facebook, Instagram, and WhatsApp, has been fined €91 million ($102 million) by the Irish Data Protection Commission (DPC) for storing user passwords in plaintext without encryption. Meta Ireland received the fine on September 27, 2024, following an investigation that began in 2019 and found that the passwords were accessible to thousands of Meta employees, violating GDPR rules. The breach exposed hundreds of millions of Facebook passwords, leading to the significant penalty from the European Union privacy regulator. Meta was also fined $101.5 million for the 2019 breach.