Passwords of two-million Marijuana Growers Exposed Online

GrowDiaries, a community of Marijuana growers suffered a data breach due to the use of a weak MD5 Hashing Function.

An Online community named GrowDiaries, where marijuana growers can discuss about their plants and engage with other farmers, suffered a data breach last month where 2 million passwords were leaked online.

Read: 46+ Must-Know Cyber Security Stats and Facts (2020)

The breach happened because of the company’s oversight. They accidentally left 2 Kibana apps unsecured on the internet without admin passwords.

Kibana apps are used for administrative purposes by the company’ IT and development teams. It allows users to manage databases through a single visual interface. Thus, it’s necessary to secure these apps to ensure the whole platform’s security

But in this report that was published on LinkedIn today, A security researcher named Bob Diachenko stated that, GrowDiaries overlooked it’s security and left two Kibana apps unsecured. These apps were left without a password since September 22, 2020.

He further said that these two apps allowed the hackers to access two sets of Elasticsearch databases, one had over 1.4 million user records and the second included more than two million user data points.