A software company has accidentally exposed the details of approximately 30,000 legal weed customers. THSuite, an entity that specializes in developing software for marijuana dispensaries, ended up revealing the details of tens of thousands of American cannabis buyers. The data belonged to dispensaries, located in Maryland, Ohio, and Colorado.
Even though some states are considered weed-friendly, they still have strict record-keeping laws that require cannabis dispensaries to collect personal information of legal cannabis users at point of sale, and this is precisely the data that was readily available for download. It consisted of scans of ID cards revealing dates of birth, ID numbers, and current addresses. The sensitive information has been sitting readily available for download for everyone willing to look for it online. The Register reported that it was left accessible to the open internet, and it was reachable by the Shodan.io search engine. The data was stored on an Amazon Web Services S3 storage bucket and was unencrypted. The information seen in the bucket not only included ID scans but also purchase history, emails, and phone numbers.
As for last week, the bucket is no longer available for download. It is currently unknown if criminals have used the leaked information. The information was discovered by cybersecurity researchers on December 24th last year, and two days later was reported to THSuite who secured the file. The researchers who came across the leak confirmed that there might have been records on every dispensary that use THSuite, which means that the 85,000 document leak may include the details of dispensaries operating in California too.
The leak is a reminder about the privacy nightmare legal weed may cause. The US is not the only one in ..
Support the originator by clicking the read the rest link below.
