Over 3.4 Million Marijuana Growers’ Records Leaked Online

The GrowDiaries website, a community for marijuana growers, exposed more than 3.4 million user records due to a misconfigured database. The unprotected database was discovered online on October 10, 2020, by security researcher Bob Diachenko.

The database contained 1,427,347 records with users’ email addresses and IP addresses, as well as 2 million posts, usernames, and hashed account passwords (using the outdated and insecure MD5 algorithm).

On October 10, Diachenko reported the incident to the GrowDiaries administrators. On October 12, the site requested additional information, and only three days later, on October 15, was the data leak finally fixed. The incident did not affect users’ financial data.

The leaked data could be used by cybercriminals for attacks, but that’s not the only concern. Users in countries where growing or using marijuana is illegal may face legal prosecution or extortion as a result of the breach.