Deputy Commissioner Graham Doyle emphasized the critical importance of password security, stating, 'It is widely accepted that user passwords should not be stored in 'plaintext' considering the risks of abuse that arise from persons accessing such data.' He noted that the passwords involved in this case are particularly sensitive as they enable access to users' social media accounts.
The Irish Data Protection Commission (DPC) has confirmed that Meta suffered four breaches of GDPR, resulting in a €91 million fine for inadequate password storage protocols. They launched an investigation after Meta admitted to inadvertently retaining user passwords without encryption.
In 2023, this decision follows a series of penalties levied against Meta for severe data protection failures, including a record €1.2 billion fine for mishandling data and a €265 million fine for exposing user data on a hacking forum.
This reprimand against Meta comes amid increasing scrutiny of tech companies regarding user data privacy, highlighting the urgency for stringent data protection measures in compliance with regulations like GDPR.
[
Collection
]
[
|
...
]