Knuddels.de
| Primary URL | Location | Industry | knuddels[.]de |
Country
Germany
|
Entertainment
|
|---|
Profile
Knuddels.de operates as a German-based social networking platform, specifically centered around chat functionalities. Its core service involves facilitating user interaction through online chat rooms, positioning it within the social media and digital communication sector primarily serving German-speaking users. The platform gained significant public attention due to a major cybersecurity incident impacting its user base.
On July 20, 2018, Knuddels.de experienced a substantial data breach. This incident compromised sensitive user information on a large scale, exposing approximately 808,000 email addresses and over 1.8 million usernames. Crucially, the platform stored the corresponding user passwords in plain text, representing a severe failure in implementing fundamental security practices. This vulnerability directly led to the unauthorized access and exfiltration of user credentials.
This breach resulted in Knuddels.de receiving a €20,000 penalty from German regulatory authorities. This fine marked Germany's first enforcement action under the General Data Protection Regulation (GDPR), specifically citing the organization's failure to implement adequate technical and organizational measures to protect user data. Pseudonymization and encryption of stored passwords were identified as critical safeguards that were absent. Following the breach, Knuddels.de undertook immediate corrective actions including enhanced security measures, mandatory password resets for all users, and direct notifications to those affected. The organization also cooperated transparently with oversight bodies throughout the investigation and remediation process. These mitigating factors, including the prompt notification and collaborative engagement with authorities, were acknowledged as reasons for the relatively reduced fine amount despite the significant volume and sensitivity of the exposed credentials. The incident underscored the critical importance of robust data protection protocols for online platforms handling personal information.