420 with CNW — GrowDiaries Mishap Leaves Million
GrowDiaries is an online community of cannabis growers that allows its members to ask questions, interact with other members and blog about their crops. In September, the company suffered a major security breach that left millions of users’ posts, passwords and other data exposed. The unprotected database was discovered by researcher Volodymyr “Bob” Diachenko on Oct. 10, 2020. Diachenko, who is known for pointing out unsecured databases, said the company was responsible for the vulnerability.
He reports on LinkedIn that two Kibana apps, which are usually used by IT and development staff to manage Elasticsearch databases, were left unsecured without a password since September 22. Through these two unsecured apps, attackers could access two sets of Elasticsearch databases. According to Diachenko, the databases consisted of around 1.4 million records containing IP addresses and email addresses and another 2 million records containing hashed account passwords and user posts.
The MD5 hashed format that the passwords were stored in is notoriously vulnerable, says Diachenko, and attackers could easily crack it and access the plain-text passwords, allowing them access to the users’ data. The exposed IP addresses spanned a wide range of provinces and countries, including a couple that still outlaw cannabis. After Diachenko reported the unsecured Kibana apps to GrowDiaries, the company secured its database but did not offer any further communication.
He states that since he probably wasn’t the only one looking for databases vulnerable to attackers, it is very likely that someone else was able to access and download user data from GrowDiaries’ Elasticsearch databases. Although the company has not replied to any inquiries on the matter, the website’s FAQ portion assures customers that their data is safe. “GrowDiaries is entirely safe and sound to use and retail outlet information on. We do not shop or share any particular information and facts. All meta-knowledge is erased.”
Diachenko advises GrowDiaries users to change their passwords across all platforms, not just on GrowDiaries, to avoid “stuffing” attacks. These kinds of attacks employ an automated bot that plugs in different combinations of stolen passwords and usernames in an attempt to break into other websites and apps.
Community members should also keep an eye out for phishing attacks where an individual is sent an email, text or instant message with a malicious link. Clicking on these links allows attackers to install malware onto your system, freeze it as part of a ransomware attack or steal funds and sensitive information.