The social network Knuddels.de must pay a fine of 20,000 euros because it stored users' passwords unencrypted. The Karlsruhe-based company thereby violated its obligation to ensure the security of personal data, the Baden-Wuerttemberg data protection commissioner Stefan Brink announced on Thursday in Stuttgart.
He said that after a hacker attack, the company had turned to the DPA and informed users immediately and extensively about the attack. According to the company, around 808,000 e-mail addresses and 1,872,000 pseudonyms and passwords were stolen by unknown persons and published on the Internet.
In addition to the chat name, some users have also made their password, e-mail address and information on their real first name or place of residence public. Users of the platform should therefore change their password without fail, if they have not already done so. This is especially true if they use the same password or a similar variation on other websites.
Brink said the company worked in exemplary fashion with his agency and significantly improved IT security. "Those who learn from harm and act transparently to improve data protection can emerge stronger as a company from a hacker attack."
The managing director of Knuddels GmbH & Co. KG, Holger Kujath, said: "The hacker attack was a real test of stress for Knuddels." It was immediately clear that the trust of users could only be regained with transparent communication and an immediate noticeable improvement in IT security. "Knuddels is safer than ever."
Knuddels claims to have more than two million registered members. New European data protection rules, laid down in the General Data Protection Regulation (GDPR), have been in force since May. They provide for fines of up to €20 million or, in the case of a company, a fine of up to four percent of the annual turnover achieved worldwide.