Leafly Cannabis Website Leaked User Info via Exposed Database

Leafly Cannabis Website Leaked User Info via Exposed Database


Cannabis information platform Leafly sent notification emails to some of its customers letting them know that some of their information was exposed in a data leak incident.


Leafly is "the world’s largest cannabis information resource" as the company says in a press release released four days ago and it "helps people discover, find, and buy cannabis and empowers cannabis businesses to attract and retain loyal customers through advertising and technology services," 


"With 10 million monthly active users and 1.4 million user-generated strain, product, and dispensary reviews, Leafly has the largest and fastest-growing audience in the cannabis industry," also says a press release from June 2019.


Users' credit card information was not exposed


Leafly discovered on September 30 that customer information stored within user records from July 2, 2016, was exposed by a secondary database.


"On September 30, we teamed that a set of Leafly user records dated July 2, 2016 held in a secondary Leafly database was disclosed without permission. Your email address was in that file," says the alert delivered to impacted customers.


Leafly added that the company does not collect or store national identification numbers or credit card information, and that there is no evidence that its production website was also accessed without authorization in the security incident.


For some users [1, 2, 3,