GrowDiaries Exposes 1.4 Mil Cannabis Growers’ Personal Data
Popular cannabis journaling platform GrowDiaries has recently accidentally exposed user records, passwords, emails, and IP addresses of more than 1.4 million cannabis growers.
The online community has members all around the world—many from countries where cannabis is illegal.
A couple of weeks ago, Volodymyr Bob Diachenko, a researcher, has discovered that a database linked to GrowDiaries has been left accessible online. Besides personal data, an additional 3 million user posts (tips, tricks, growing photos) have been left accessible.
The MD5 used for hashing out passwords was compromised and left the users and their data vulnerable to malicious actors. Diachenko says that he isn’t sure whether third-parties accessed the data while it was exposed, but it seems likely that they have. The information has luckily been secured again after a couple of days. However, growers from countries where cannabis is illegal may still face severe consequences, such as legal persecution or even extortion.
Malaysia, for example, punishes drug selling by death, while The Phillippines, Dubai, and Singapore punish possession with a lengthy prison stay.
Diachenko recommends all GrowDiaries users to change their passwords across all platforms to avoid “stuffing” attacks and be on the lookout for any phishing attempts.
GrowDiaries hasn’t yet addressed the breach or responded to inquiries about it. Their FAQ section, however, reassures users that their data is safe and protected on the platform and that they don’t store or share any personal information.
Organizations like GrowDiaries have the responsibility of protecting their users’ cybersecurity. Unfortunately, even though the majority of websites, including GrowDiaries, try to protect their users’ data, they’ll always be a thriving business for data breaches.