Cannabis Website Leafly Discloses Data Breach via Email Notification

Leafly, one of the largest cannabis websites in the world, revealed it has suffered from a data breach via an email notification sent to its customers.

According to a report from Bleeping Computer, the cannabis information platform discovered on September 30 that information of its customers stored within user records dated back July 2, 2016, was disclosed through a secondary database.

“On September 30, we teamed that a set of Leafly user records dated July 2, 2016, held in a secondary Leafly database was disclosed without permission. Your email address was in that file,” the email wrote.

As reported by the notification received by the impacted customers, the exposed record contains user email addresses, usernames, encrypted passwords, names, ages, gender, location, and mobile numbers.

ADVERTISEMENT

Leafly Data Breach via Email Notification

The cannabis news giant, however, clarified that it doesn’t collect national identification numbers or credit card information of users. Moreover, there is also no available evidence that could indicate Leafly’s production website was also compromised.

In a report from MobileSyrup, Leafly disclosed it is currently “proactively reaching out to all affected customers,” and has already removed the database that contains the personal information of its thousands of customers.

Moreover, the company also said it has “retained a forensic security auditor” to help understand each aspect of the breach and is currently reviewing the possible course of action for securing personal data.

“[I]t is a good idea to ensure that you use a unique password on Leafly and other services you use. If you share passwords across services and haven’t updated them recently, and you haven’t reset your Leafly password, we recommend you do so now,” the notification email added.

ADVERTISEMENT

Founded in 2010, Leafly now stands as one of the world’s most popular cannabis news sources and the largest cannabis website in the world. It is headquartered in Seattle and aims to promote the benefits of cannabis.

To date, it takes pride in more than 10 million active users per month and about 1.4 million user-generated strain, product and dispensary reviews across its website and mobile applications.

The recent announcement revealing it has incurred a data breach made other cannabis news platforms vulnerable, just like the series of websites affected by a security incident this year.

“Please accept our sincere apology for any concern this has caused. If you have any questions, please reach out to our customer support team at support@leafly.com,” said Leafly in the email notification.

ADVERTISEMENT