A recent report from SiliconANGLE released information that cannabis company GrowDiaries suffered a data breach with details of 3.4 million users being exposed online.
The data breach incident was first discovered by security researcher Bob Diachenko on LinkedIn but was indexed by search engine BinaryEdge on September 22nd. The database was not taken down until almost a month later. The data exposure was on an unsecured database that had no passwords. This data includes email addresses, IP addresses, usernames, MD5-hashed passwords, and image URL's.
GrowDiaries confirmed the database exposure but has not disclosed whether user details have been made available from unwanted third parties.
“This breach is yet another example of a company leaving a server and critical information unsecured without any password protection, an unfortunate trend that has been the cause of many recent leaks,” Dr. Vinay Sridhara, chief technology officer of security posture firm Balbix Inc., told SiliconANGLE.
This data breach was a major learning lesson to make sure that all of your organizational databases stay secure. This breach could also potentially be a potential gold mine for the bad guys to use this information for future planned social engineering attacks if this information is available on the dark web.
SiliconANGLE has the full story.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
