The open database exposed encrypted passwords but the encryption tool used was the MD5 hash generator. This encryption method provides very little security and has been cracked on many sites previously. Attackers co “I do not know if any other third parties accessed the data while it was exposed, but it seems likely,” Diachenko wrote. After reporting the vulnerability, GrowDiaries asked for additional details and by Oct. 15, the data has been secured, he added. For the GrowDiaries community, passwords must be changed as soon as possible. If not, attackers could potentially use any stolen credentials to attempt fraudulent activity or blackmail. For example, in Malaysia, selling drugs is punishable by death and a simple possession conviction could mean a lengthy prison sentence. In countries including Dubai, Thailand, Singapore, and the Philippines growers and users could be in prison for many years. A representative from GrowDiaries disputed Diachenko’s report in an email, asserting that the company “never acknowledged the incident” and that the data that was allegedly compromised was only test data.GrowDiaries says site data is secure
GrowDiaries databreach exposed 3.4M records of cannabis online community
uld still reveal the GrowDiaries’ passwords in plain-text.
