Exposed records include user’s email addresses, usernames and encrypted passwords, fortunately, no financial data
For some users, the database also leaked names, ages, gender, location, and mobile numbers.
“On September 30, we teamed that a set of Leafly user records dated July 2, 2016 held in a secondary Leafly database was disclosed without permission. Your email address was in that file,” reads the notification email sent to the impacted customers. “
The company hired a forensic security firm to help its staff in the investigation. The company recommends users to reset the password and use a unique password for each service online.
“However, it is a good idea to ensure that you use a unique password on Leafly and other services you use. If you share passwords across services and haven’t updated them recently, and you haven’t reset your Leafly password, we recommend you do SO DOW,” continues the notification mail.
“Please accept our sincere apology for any concern this has caused. If you have any questions, please reach out to our customer support team at firstname.lastname@example.org,” states Leafly.
At the time it is not clear the number of impacted users.