French Electricity Provider Fined for Storing Users' Passwords with Weak MD5 Algorithm

data breach

AI generated Image

The Commission nationale de l'informatique et des libertés (CNIL) said the electric utility breached European regulation by storing the passwords for over 25,800 accounts by hashing them using the MD5 algorithm as recently as July 2022. Furthermore, the authority noted that the passwords associated with 2,414,254 customer accounts had only been hashed and not salted, exposing the account holders to potential cyber threats. The fines arrived less than two weeks after CNIL fined Discord €800,000 for its failure to respect data retention periods for inactive accounts and enforce a strong password policy.

Source read time: 1 min - thehackernews.com

Also offered in: Nederlands

More news for you