French Electricity Provider Fined for Storing Users’ Passwords with Weak MD5 Algorithm


The French data protection watchdog on Tuesday fined electricity provider Électricité de France €600,000 for violating the European Union General Data Protection Regulation (GDPR) requirements.

The Commission nationale de l’informatique et des libertés (CNIL) said the electric utility breached the European regulation by storing the passwords for over 25,800 accounts as MD5 hashes as recently as July 2022.

It’s worth noting that MD5, a message digest algorithm, is considered cryptographically broken as of December 2008 owing to the risk of collision attacks.

Furthermore, the authority noted that the passwords associated with 2,414,254 customer accounts had only been hashed and not salted, exposing the account holders to potential cyber threats.

The probe also pointed fingers at EDF for failing to comply with GDPR data retention policies and for providing “inaccurate information on the origin of the data collected.”

“The amount of the fine was decided considering the breaches observed and the cooperation by the company and all the measures it has taken during the proceedings to reach compliance with all alleged breaches,” the CNIL said.

The fine arrives less than two weeks after CNIL fined Discord €800,000 for its failure to respect data retention periods for inactive accounts and enforce a strong password policy.
