Home GDPR #Privacy: Cannabis website exposes customer data
GDPR - October 14, 2019

#Privacy: Cannabis website exposes customer data

Leafly, the world’s largest cannabis information resource, has leaked customer information due to an unprotected database.

The company discovered the leak on September 30, to which breach notification emails were sent to affected users shortly after. 

The user records exposed dated back to July 2, 2016 and contained email addresses, usernames, encrypted passwords, ages, gender, names, location and mobile numbers. 

In the notice, users have been advised to immediately change their passwords across all online services they use.

The company said that it does not collect or store national identification numbers or credit card information. Additionally, Leafly added that there is no evidence to show that its production website was accessed without authorisation. 

The exposed database has been removed, and a forensic security auditor has been hired to investigate the incident. Leafly is also in the process of reviewing its data protection procedures and practices. 

In the notice, Leafly said: “Please accept our sincere apology for any concern this has caused. If you have any questions, please reach out to our customer support team at support@leafly.com.”

It remains unknown as to how many users were impacted.

The post #Privacy: Cannabis website exposes customer data appeared first on PrivSec Report.


Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Check Also

Analysis: The Cyber Impact of Biden/Putin Summit Meeting

Experts Discuss Impact of ‘Transformational Moment’After U.S. President Joe Bi…