Search results for de hashed | Breaking Cybersecurity News | The Hacker News

The French data protection watchdog on Tuesday fined electricity provider Électricité de France (EDF)  €600,000 for violating the European Union General Data Protection Regulation (GDPR) requirements. The Commission nationale de l'informatique et des libertés (CNIL)  said  the electric utility breached European regulation by storing the passwords for over 25,800 accounts by hashing them using the  MD5 algorithm  as recently as July 2022. It's worth noting that MD5, a message digest algorithm, is considered cryptographically broken as of December 2008 owing to the risk of  collision attacks . Furthermore, the authority noted that the passwords associated with 2,414,254 customer accounts had only been hashed and not  salted , exposing the account holders to potential cyber threats. The probe also pointed fingers at EDF for failing to comply with GDPR data retention policies and for providing "inaccurate information on the origin of the data colle...

Update: A hacker yesterday claimed to have hacked the FBI's website running on Plone CMS, but it seems it wasn't hacked using any zero-day vulnerability in Plone. We contacted Plone security team and updated this story (see below) with official statements. A hacker, using Twitter handle CyberZeist , has claimed to have hacked the FBI's website (fbi.gov) and leaked personal account information of several FBI agents publically. CyberZeist had initially exposed the flaw on 22 December, giving the FBI time to patch the vulnerability in its website's code before making the data public. The hacker exploited a zero-day vulnerability in the Plone CMS , an Open Source Content Management software used by FBI to host its website, and leaked personal data of 155 FBI officials to Pastebin , including their names, passwords, and email accounts. CyberZeist tweeted multiple screenshots as proof of his claims, showing his unauthorized access to server and database files usi...