Marijuana Website ‘GrowDiaries’ Exposed User Data

GrowDiary is a social media platform where marijuana growers can post posts about their plants and talk to other growers. Two of its servers have leaked user data such as usernames and passwords.

Loss of security of GrowDiary

Security researcher Bob Diachenko posted a report on LinkedIn stating that GrowDiary did not secure two of its Kibana apps used to manage Elasticsearch databases. As a result, one database with 1.4 million records exposed usernames, email addresses and IP addresses, and the second database with 2 million records exposed user passwords and posts. Payment details were not exposed. Passwords were hashed using MD5, an algorithm known to be easily cracked.

Mr. Diachenko discovered the databases on October 10, 2020. GrowDiary acknowledged the breach and secured the data on October 15. The company did not disclose whether the databases were accessed by unwanted third parties, but Mr. is not the only one looking for insecure servers.