Leafly, a cannabis information platform, suffered a data leak that exposed the personal information of some of its customers.
Leafly, the world’s leading cannabis resource, informed its customers via email that has suffered a data leak. On September 30, the company discovered that customer
The companydiscovered on September 30 that a secondary database was exposing customer information from July 2, 2016.
Exposed records include user’s email addresses, usernames and encrypted passwords, fortunately, no financial data was collected by the company.
For some users, the database also leaked names, ages, gender, location, and mobile numbers.
“On September 30, we teamed that a set of Leafly user records dated July 2, 2016 held in a secondary Leafly database was disclosed without permission. Your email address was in that file,” reads the notification email sent to the impacted customers.“Leafly does not collect credit card information or national identification numbers,”
The company hired a forensic security firm to help its staff in the investigation. The company recommends users to reset the password and use a unique password for each service online.
“However, it is a good idea to ensure that you use a unique password on Leafly and other services you use. If you share passwords across services and haven’t updated them recently, and you haven’t reset your Leafly password, we recommend you do SO DOW,” continues the notification mail.
“Please accept our sincere apology for any concern this has caused. If you have any questions, please reach out to our customer support team at email@example.com,” states Leafly.
At the time it is not clear the number of impacted users.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.