• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
french electricity provider fined for storing users' passwords with weak

French Electricity Provider Fined for Storing Users’ Passwords with Weak MD5 Algorithm

You are here: Home / General Cyber Security News / French Electricity Provider Fined for Storing Users’ Passwords with Weak MD5 Algorithm
November 30, 2022

The French info defense watchdog on Tuesday fined electric power service provider Électricité de France €600,000 for violating the European Union Standard Data Security Regulation (GDPR) specifications.

The Commission nationale de l’informatique et des libertés (CNIL) claimed the electrical utility breached European regulation by storing the passwords for more than 25,800 accounts by hashing them working with the MD5 algorithm as just lately as July 2022.

It can be value noting that MD5, a message digest algorithm, is regarded cryptographically damaged as of December 2008 owing to the risk of collision attacks.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


CyberSecurity

Additionally, the authority observed that the passwords affiliated with 2,414,254 client accounts had only been hashed and not salted, exposing the account holders to opportunity cyber threats.

The probe also pointed fingers at EDF for failing to comply with GDPR knowledge retention policies and for providing “inaccurate facts on the origin of the knowledge gathered.”

“The quantity of the fine was determined taking into consideration the breaches noticed and the cooperation by the firm and all the steps it has taken during the proceedings to get to compliance with all alleged breaches,” the CNIL said.

The fines arrived fewer than two weeks following CNIL fined Discord €800,000 for its failure to regard data retention periods for inactive accounts and enforce a sturdy password coverage.

Identified this post interesting? Abide by THN on Fb, Twitter  and LinkedIn to go through a lot more exceptional articles we publish.


Some components of this article are sourced from:
thehackernews.com

Previous Post: «Cyber Security News New “Icefall” Bugs Include Critical DoS Flaw
Next Post: This Malicious App Abused Hacked Devices to Create Fake Accounts on Multiple Platforms this malicious app abused hacked devices to create fake accounts»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • ChatGPT Used to Develop New Malicious Tools
  • Dark Web Actors Fight For Drug Trafficking and Illegal Pharmacy Supremacy
  • Kinsing Cryptojacking Hits Kubernetes Clusters via Misconfigured PostgreSQL
  • New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks
  • UK insurer announces ‘world-first’ cyber catastrophe bond
  • Why Do User Permissions Matter for SaaS Security?
  • FCC plans strict overhaul of 15-year-old US data breach regulations
  • Security updates for Windows 7 finally end, users urged to upgrade
  • Global Cyber-Attack Volume Surges 38% in 2022
  • Millions of Vehicles at Risk: API Vulnerabilities Uncovered in 16 Major Car Brands

Copyright © TheCyberSecurity.News, All Rights Reserved.