Millions of marijuana growers hit in major data breach


An online community of marijuana growers has suffered a major data breach after two related apps were made accessible online without administrative passwords. 

GrowDiaries was founded to provide support and practical advice for cannabis growers, but identities can remain anonymous, with only usernames visible on the site.

However, security researcher Bob Diachenko has revealed that sensitive information relating to 1.4 million users of the GrowDiaries site, including passwords, email addresses and IP addresses, has been exposed. The breach occurred after two Kibana apps – open source applications that are usually reserved for a company’s development teams and IT staff – had been left unsecured since September 22.

Although the exposed passwords were not stored in plain text, they were protected only with the MD5 hash function. MD5 hashes have been cracked previously, meaning attackers could still potentially recover the passwords in plain-text form.
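For a site that still holds MD5 password hashes like those described above, one common remediation is to re-hash each password with a salted, memory-hard function the next time the user logs in. The sketch below is an added example, not GrowDiaries' code; the store layout, usernames, sample password and function names are all constructed for illustration.

```python
import hashlib
import hmac
import os

def md5_hex(password):
    """Legacy scheme: unsalted MD5 (identical passwords give identical hashes)."""
    return hashlib.md5(password.encode()).hexdigest()

def scrypt_record(password, salt=None):
    """Replacement scheme: per-user random salt plus scrypt, a memory-hard KDF."""
    salt = salt or os.urandom(16)
    dk = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return "scrypt$%s$%s" % (salt.hex(), dk.hex())

def verify_and_upgrade(store, user, password):
    """Check a login; if the stored record is legacy MD5, replace it in place."""
    record = store.get(user)
    if record is None:
        return False
    if record.startswith("scrypt$"):
        _, salt_hex, _ = record.split("$")
        candidate = scrypt_record(password, bytes.fromhex(salt_hex))
        return hmac.compare_digest(candidate, record)
    # Legacy path: verify against MD5 once, then never store MD5 again.
    if hmac.compare_digest(md5_hex(password), record):
        store[user] = scrypt_record(password)
        return True
    return False

def sample_store():
    """Constructed sample data: two hypothetical users sharing one password."""
    return {"grower_a": md5_hex("greenhouse42"),
            "grower_b": md5_hex("greenhouse42")}

if __name__ == "__main__":
    store = sample_store()
    print("MD5 records identical:", store["grower_a"] == store["grower_b"])
    for name in store:
        verify_and_upgrade(store, name, "greenhouse42")
    print("upgraded records identical:", store["grower_a"] == store["grower_b"])
```

Accounts that never log in again keep their MD5 record, so a migration like this is normally paired with a forced password reset for dormant users.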

Budding criminal activity

Diachenko informed GrowDiaries of the breach and the online platform moved to secure its databases five days later. However, further communication has not been possible. It remains unclear if threat actors were able to obtain user information while it was exposed.

For members of the GrowDiaries community, it is important that passwords are changed as soon as possible. If not, cyberattackers could potentially use any ill-gotten credentials to attempt fraudulent activity.

They should also be extra vigilant against phishing activity, as threat actors could be preparing false emails in order to extract further information or install malware. One other concern stems from the fact that many GrowDiaries users appear to be based in countries where it is illegal to grow marijuana. Threat actors who have accessed data from the exposed GrowDiaries database could attempt to blackmail individuals by threatening to expose their activity.

Via ZDNet

Barclay Ballard

