Leafly, the world’s largest cannabis information resource, has leaked customer information due to an unprotected database.
The company discovered the leak on September 30, to which breach notification emails were sent to affected users shortly after.
The user records exposed dated back to July 2, 2016 and contained email addresses, usernames, encrypted passwords, ages, gender, names, location and mobile numbers.
In the notice, users have been advised to immediately change their passwords across all online services they use.
The company said that it does not collect or store national identification numbers or credit card information. Additionally, Leafly added that there is no evidence to show that its production website was accessed without authorisation.
The exposed database has been removed, and a forensic security auditor has been hired to investigate the incident. Leafly is also in the process of reviewing its data protection procedures and practices.
In the notice, Leafly said: “Please accept our sincere apology for any concern this has caused. If you have any questions, please reach out to our customer support team at firstname.lastname@example.org.”
It remains unknown as to how many users were impacted.