Meta received a slap on the wrist on Friday to the tune of 91 million euros ($102 million) for breaking Europe's strict privacy rules. The company hadn't put enough protections in place to secure people's social media passwords, and realized it was accidentally storing them in plain text.

The Irish Data Protection Commissioner, which is in charge of ensuring Meta abides by Europe's General Data Protection Regulation, issued the fine following a five-year investigation, stretching back to 2019. It was looking at whether Meta had failed to meet its obligation to guarantee users appropriate privacy and security, and report any problems to the DPC.

"It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data," said Deputy Commissioner Graham Doyle in a statement. "It must be borne in mind, that the passwords the subject of consideration in this case, are particularly sensitive, as they would enable access to users' social media accounts."

The GDPR, which came into force in 2018, holds companies to high standards when it comes to protecting Europeans' privacy. As part of the rules, companies operating in the region must be proactive in ensuring that they're transparent about any potential privacy problems they discover. In line with these rules, Meta reported the problem when it made the discovery.

"As part of a security review in 2019, we found that a subset of FB users' passwords were temporarily logged in a readable format within our internal data systems," a spokesperson for the company said on Friday. "We took immediate action to fix this error, and there is no evidence that these passwords were abused or accessed improperly."

It's not the first time Meta has fallen foul of privacy rules, but the company says it's taken steps to make sure something similar can't happen in the future.