According to reports from TechCrunch, Meta has been fined €91 million (approximately $101.5 million) by Ireland's Data Protection Commission for a 2019 incident that exposed hundreds of millions of Facebook and Instagram passwords in plain text, potentially compromising user security.
Storing passwords in plain text is a major security vulnerability that exposes users to significant risks. When passwords are stored in plain text, anyone with access to the database can read them and potentially misuse them. This practice violates fundamental security principles and can lead to severe consequences:
Unauthorized access: Attackers who breach the system gain immediate access to all user credentials.
Data breaches: Compromised passwords can be used to access other accounts if users reuse passwords across multiple sites.
Legal and regulatory issues: Storing passwords in plain text may violate data protection laws such as the GDPR and industry standards such as PCI DSS.
Loss of user trust: Public disclosure of plain text password storage can severely damage an organization's reputation.
To mitigate these risks, organizations should implement secure password storage techniques such as salted cryptographic hashing, which makes it computationally infeasible to recover the original passwords even if the database is compromised.
The massive data breaches and privacy violations by Meta have significantly eroded user trust in the company and its platforms. A 2022 survey found that 74% of consumers would stop shopping with their favorite retailers if those retailers couldn't ensure personal data security. This sentiment is especially strong among younger demographics such as Millennials and Gen Z, who are increasingly privacy-conscious. The repeated fines and scandals have led to:
Increased skepticism about Meta's data handling practices
Growing demand for stronger privacy controls and transparency
Users becoming more cautious about sharing personal information
Some users abandoning or reducing usage of Facebook and Instagram
Calls for stricter regulation of big tech companies' data practices
Meta has attempted to rebuild trust by offering more privacy options, but regaining user confidence remains an uphill battle given its track record of privacy issues. The company faces pressure to fundamentally reshape its data-driven business model to align with evolving privacy expectations.
The Irish Data Protection Commission (DPC) imposed a €91 million fine on Meta Platforms Ireland Limited for failing to adequately protect user passwords. The penalty stems from an investigation launched in April 2019 after Meta reported inadvertently storing certain user passwords in plaintext on its internal systems. The DPC emphasized that storing passwords without encryption poses significant risks of abuse and violates the EU's General Data Protection Regulation (GDPR), which mandates appropriate security measures for processing personal data.
Key points of the fine include:
It is one of several GDPR fines Meta has faced, following a record €1.2 billion penalty in 2023 for improper data transfers.
The DPC's decision was submitted to the other EU national supervisory authorities in June 2024, and none objected to the fine amount.
Meta has been ordered to bring its data processing into compliance within 6 months of being notified of the final decision.