French Electricity Provider Fined for Storing Users’ Passwords with Weak MD5 Algorithm

The French data protection watchdog on Tuesday fined electricity provider Électricité de France €600,000 for violating the European Union General Data Protection Regulation (GDPR) requirements.

The Commission nationale de l’informatique et des libertés (CNIL) said the electric utility breached European regulation by storing the passwords for over 25,800 accounts by hashing them using the MD5 algorithm as recently as July 2022.

It’s worth noting that MD5, a message digest algorithm, is considered cryptographically broken as of December 2008 owing to the risk of collision attacks.

Furthermore, the authority noted that the passwords associated with 2,414,254 customer accounts had only been hashed and not salted, exposing the account holders to potential cyber threats.
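An added example, not code from the article, CNIL or EDF, showing why unsalted MD5 records are weak and one way to move them to a salted, slow hash when a user next logs in. PBKDF2-HMAC-SHA256 is chosen here for illustration; the function names, record format, iteration count and sample password are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example

def legacy_md5(password):
    """Weak scheme: unsalted MD5. Equal passwords always give equal records."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_pbkdf2(password, salt=None, iterations=ITERATIONS):
    """Salted, slow hash. The record stores the parameters needed to verify it."""
    salt = salt or os.urandom(16)  # fresh random salt per account
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_and_upgrade(password, stored):
    """Return (ok, record_to_store); legacy MD5 records are replaced on success."""
    if stored.startswith("pbkdf2_sha256$"):
        _, iters, salt_hex, _ = stored.split("$")
        candidate = hash_pbkdf2(password, bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(candidate, stored), stored
    # Anything else is treated as a legacy unsalted MD5 hex digest.
    ok = hmac.compare_digest(legacy_md5(password), stored)
    return ok, (hash_pbkdf2(password) if ok else stored)

if __name__ == "__main__":
    # Constructed sample data: two accounts that share a password.
    db = {"alice": legacy_md5("Winter2022!"), "bob": legacy_md5("Winter2022!")}
    print("legacy records equal:", db["alice"] == db["bob"])
    for user in db:
        ok, db[user] = verify_and_upgrade("Winter2022!", db[user])
    print("upgraded records equal:", db["alice"] == db["bob"])
```

Accounts that never log in keep their legacy record under this scheme, so a migration also needs a cutoff after which remaining MD5 records are invalidated and the user must reset the password.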

The probe also pointed fingers at EDF for failing to comply with GDPR data retention policies and for providing “inaccurate information on the origin of the data collected.”

“The amount of the fine was decided considering the breaches observed and the cooperation by the company and all the measures it has taken during the proceedings to reach compliance with all alleged breaches,” the CNIL said.

The fine arrives less than two weeks after CNIL fined Discord €800,000 for its failure to respect data retention periods for inactive accounts and enforce a strong password policy.
