GrowDiaries is an online community of cannabis growers that allows its members to ask questions, interact with other members and blog about their crops. In September, the company suffered a major security breach that left millions of users’ posts, passwords and other data exposed. The unprotected database was discovered by researcher Volodymyr “Bob” Diachenko on Oct. 10, 2020. Diachenko, who is known for pointing out unsecured databases, said the company was responsible for the vulnerability.
He reports on LinkedIn that two Kibana apps, which are usually used by IT and development staff to manage Elasticsearch databases, were left unsecured without a password since September 22. Through these two unsecured apps, attackers could access two sets of Elasticsearch databases. According to Diachenko, the databases consisted of around 1.4 million records containing IP addresses and email addresses and another 2 million records containing hashed account passwords and user posts.
The MD5 hashed format that the passwords were stored in is notoriously vulnerable, says Diachenko, and attackers could easily crack it and access the plain-text passwords, allowing them access to the users’ data. The exposed IP addresses spanned a wide range of provinces and countries, including a couple that still outlaw cannabis. After Diachenko reported the unsecured Kibana apps to GrowDiaries, the company secured its database but did not offer any further communication.
He states that since he probably wasn’t the only one looking for databases vulnerable to attackers, it is very likely that someone else was able to access and download user data from GrowDiaries’ Elasticsearch databases. Although the company has not replied to any inquiries on the matter, the website’s FAQ section assures customers that their data is safe. “GrowDiaries is entirely safe and sound to use and retail outlet information on. We do not shop or share any particular information and facts. All meta-knowledge is erased.”
Diachenko advises GrowDiaries users to change their passwords across all platforms, not just on GrowDiaries, to avoid “stuffing” attacks. These kinds of attacks use automated tools that plug in different combinations of stolen passwords and usernames in an attempt to break into other websites and apps.
Community members should also keep an eye out for phishing attacks, where an individual is sent an email, text or instant message with a malicious link. Clicking on these links can allow attackers to install malware onto your system, freeze it as part of a ransomware attack or steal funds and sensitive information.
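For site operators, the MD5 weakness described above is usually fixed by re-hashing each password with a salted, memory-hard function the next time the user logs in. The sketch below is an added example, not GrowDiaries' code; the record format, the function names and the assumption that legacy records are bare hex MD5 digests are all hypothetical.

```python
import hashlib
import hmac
import os

# scrypt cost parameters: assumed values for this example, tune for your hardware.
N, R, P = 2**14, 8, 1

def hash_password(password: str) -> str:
    """Hash with a per-user random salt and a memory-hard KDF."""
    salt = os.urandom(16)
    dk = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=32)
    return f"scrypt${N}${R}${P}${salt.hex()}${dk.hex()}"

def verify_scrypt(password: str, stored: str) -> bool:
    # Parameters travel with the record so the cost can be raised later.
    _, n, r, p, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                        n=int(n), r=int(r), p=int(p), dklen=len(dk_hex) // 2)
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

def verify_and_upgrade(password: str, stored: str):
    """Return (ok, replacement). A non-None replacement must be written back
    to the user record so the MD5 value is no longer kept."""
    if stored.startswith("scrypt$"):
        return verify_scrypt(password, stored), None
    # Legacy record (assumed format): bare hex MD5 of the password.
    legacy = hashlib.md5(password.encode()).hexdigest()
    if hmac.compare_digest(legacy.encode(), stored.lower().encode()):
        return True, hash_password(password)
    return False, None

# Constructed sample record, not data from the breach.
SAMPLE_PASSWORD = "constructed-example-passphrase"
LEGACY_SAMPLE = hashlib.md5(SAMPLE_PASSWORD.encode()).hexdigest()

if __name__ == "__main__":
    ok, upgraded = verify_and_upgrade(SAMPLE_PASSWORD, LEGACY_SAMPLE)
    print(ok, upgraded.split("$")[0])
    print(verify_and_upgrade(SAMPLE_PASSWORD, upgraded))
```

Upgrade-on-login only covers accounts that sign in again; records that stay in MD5 form still need a forced password reset.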
CNW420 spotlights the latest developments in the rapidly evolving cannabis industry through the release of two informative articles each business day. Our concise, informative content serves as a gateway for investors interested in the legalized cannabis sector and provides updates on how regulatory developments may impact financial markets. Articles are released each business day at 4:20 a.m. and 4:20 p.m. Eastern – our tribute to the time synonymous with cannabis culture. If marijuana and the burgeoning industry surrounding it are on your radar, CNW420 is for you! Check back daily to stay up-to-date on the latest milestones in the fast-changing world of cannabis.
CNW420 is part of the InvestorBrandNetwork.