Data Leak Shows Legal Weed Is a Privacy Nightmare Waiting to Happen


    Photo Illustration by Sarah Rogers/The Daily Beast/ Photos GettyA sales management system specifically geared towards the cannabis industry has exposed the personal information of over 30,000 people by storing it in an unsecured database. The leak itself has been patched, but questions about the consequences of outing who uses a quasi-legal substance hang over the increasingly mainstream industry.THSuite, which makes software for selling cannabis, stashed extensive customer information collected by at least three U.S. dispensaries in plain sight, according to the cybersecurity firm vpnMentor, which warned that many more dispensaries may have been affected. Among the exposed details were full names, dates of birth, phone numbers, emails, addresses, signatures, cannabis varieties and quantities purchased, the amount of money each customer spent, and transaction dates. Medical marijuna dispensaries also exposed patient names and medical ID numbers.Researchers at vpnMentor discovered the leak on Christmas Eve and reported it to THSuite and Amazon in the following days. The companies sealed the information off on January 14, according to the computer scientists. They described the exposure in blunt terms in a press release: “We were able to access THSuite’s S3 bucket [the database] because it was completely unsecured and unencrypted. We could access all files hosted on the database.” THSuite did not respond to a request for comment for this story.Read more at The Daily Beast.Got a tip? Send it to The Daily Beast here


    Please enter your comment!
    Please enter your name here