UPDATED 23:38 EST / NOVEMBER 03 2020

SECURITY

Marijuana growing social website GrowDiaries exposes data of 3.4M users

Marijuana growing social website GrowDiaries has suffered a data breach with the details of 3.4 million users being exposed online.

First discovered by security researcher Bob Diachenko and detailed today on LinkedIn, the data exposure came on an unsecured database that had no password. The data include email addresses, IP addresses, usernames, user posts, MD5-hashed passwords and image URLs.

The exposed database was discovered by Diachenko Oct. 10 but was notably was indexed by the search engine BinaryEdge Sept. 22. The database was not taken down until Oct. 15.

GrowDiaries is reported to have confirmed the database exposure but has not said whether user details have been accessed from unwanted third parties.

“This breach is yet another example of a company leaving a server and critical information unsecured without any password protection, an unfortunate trend that has been the cause of many recent leaks,” Dr. Vinay Sridhara, chief technology officer of security posture firm Balbix Inc., told SiliconANGLE. “The encrypted passwords are particularly worrisome because MD5 has various known security flaws, enabling an attacker to easily hack and access them. Online sites such as GrowDiaries that require users to create accounts and that collect personal data should at the very least implement basic cyberhygiene.”

Rusty Carter, chief product officer at security operations company LogRhythm Inc,. noted that GrowDiaries users are now vulnerable to a number of attacks and threats. “This raises the risk of credential stuffing, which occurs when attackers leverage stolen passwords from one website for use across multiple different places since many people tend to reuse their credentials,” he warned.

Anurag Kahol, chief technology officer and co-founder of cloud access security broker firm Bitglass Inc., added that “affected users are placed at great risk of having other online accounts with sensitive data compromised in credential stuffing attacks. In fact, four out of five global data breaches are perpetrated from stolen passwords.”

Photo: GrowDiaries

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU