Meta Slammed with $101 Million Fine for Storing Passwords in Plaintext: A Major Security Failure

In a shocking revelation, Meta has been hit with a $101 million fine by Irish regulators for storing hundreds of millions of user passwords in plaintext, a major breach of basic cybersecurity practices. The penalty, imposed for violating the European Union’s General Data Protection Regulation (GDPR), is another hefty one for the social media giant, which has now accumulated over $2.23 billion in fines.

The security lapse was first disclosed by Meta in 2019, when the company admitted that engineers had logged user passwords in plaintext. Over 2,000 employees had unrestricted access, with passwords being queried over 9 million times. Despite claims that no passwords were improperly accessed, the breach exposed users to severe risks.

For over 30 years, industry best practices have dictated that passwords should be stored using cryptographic hashing, a process that renders them irretrievable without massive computational effort. Meta’s failure to hash passwords led to a prolonged five-year investigation, resulting in the hefty fine from the Irish Data Protection Commission.
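The two controls at issue here, hashing passwords before storage and keeping them out of logs, can be sketched as follows. This is an added example, not code from Meta or from this article; the function names, the PBKDF2 iteration count and the list of sensitive log keys are assumptions chosen for illustration.

```python
import hashlib
import hmac
import logging
import os
import re

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256; tune per hardware

def hash_password(password: str) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex' for storage."""
    salt = os.urandom(16)  # unique per password, so equal passwords hash differently
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    try:
        scheme, iters, salt_hex, hash_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk, bytes.fromhex(hash_hex))
    except ValueError:  # malformed record
        return False

# Key names that commonly carry credentials in log lines (assumed list).
_SENSITIVE = re.compile(r"(?i)\b(password|passwd|pwd)=([^\s&]+)")

def redact(line: str) -> str:
    """Replace the value of any sensitive key=value pair in a log line."""
    return _SENSITIVE.sub(r"\1=[REDACTED]", line)

class RedactPasswords(logging.Filter):
    """Logging filter that scrubs password values before a record is emitted."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()
        return True

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    log = logging.getLogger("auth")
    log.addFilter(RedactPasswords())
    log.info("login user=alice password=%s", "hunter2")  # constructed sample
    record = hash_password("hunter2")
    print(record, verify_password("hunter2", record))
```

A redaction filter is a backstop only: the stronger control is never passing the raw credential to a logging call in the first place.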

This latest penalty underscores the critical importance of proper password storage, particularly for companies handling sensitive user data. As Meta faces growing scrutiny, the message from regulators is clear: mishandling user information comes with an enormous price tag.
