A total 3.4 million user records exposed was discovered by cybersecurity researcher Volodymyr Bob Diachenko on October 10, 2020.
(Subscribe to our Today’s Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)
GrowDiaries, a community website of cannabis growers, has left email addresses, passwords, IP address records and posts of 1.4 million cannabis growers without a password.
A total 3.4 million user records exposed was discovered by cybersecurity researcher Volodymyr Bob Diachenko on October 10, 2020.
He found a database that included two large indexes of user data. The first had 1.4 million email id and password records, and second consisted of 2 million records with user posts and hashed account passwords.
According to Diachenko, the passwords were hashed using MD5, a deprecated algorithm that an attacker could easily crack to access passwords in plain-text.
The IP addresses spanned a range of provinces and countries, in some of which…