u/michaelnovati replied ·
I worked at Meta for 8 years and don't know about this from the inside and am commenting from my personal point of view.
I believe this was a bug revealed long ago and the fine is finally decided.
The bug wasn't as silly as it sounds if I remember the press and it was a logging issue and not an issue with the security architecture.
It does go to show that client side apps with access to all the decrypted data can have logging bugs even if the fundamental feature is secure.