A data breach has compromised the personal details of over 30,000 cannabis users in the U.S.
Researchers Noam Rotem and Ran Locar have revealed that tens of thousands of customers from several marijuana dispensaries in the country have been impacted in the data breach that is linked to a software company called THSuite.
The exposed personal details include full names, photo IDs, phone numbers, and home addresses, according to experts at vpnMentor. The researchers said the exposed file has the details of at least 30,000 people.
At least three dispensaries across the U.S. were impacted by the Amazon S3 bucket leak: Amedicanna Dispensary, Bloom Medicinals and Colorado Grow Company.
According to the researchers, “it’s possible” that all of THSuite’s clients were involved in the breach.
“We were able to access [the] bucket because it was completely unsecured and unencrypted. Using a browser, the team could access all files hosted on the database,” vpnMentor said.
“Cannabis dispensaries have to collect large quantities of sensitive information in order to comply with state laws. THSuite… is designed to simplify this process for dispensary operators by integrating with each state’s API traceability system. As a consequence, the platform has access to a lot of private data related to dispensaries and their customers.”
“[THSuite] never replied to us following the disclosure, the bucket was secured following our reach-out to Amazon. Users should reach out to their dispensaries and find out from them if they are customers of THSuite,” a spokesperson for vpnMentor said to Newsweek.
“This raises serious privacy concerns,” the vpnMentor blog reads. “Medical patients have a legal right to keep their medical information private.” THSuite has been contacted for comment.
“The leaked bucket contained so much data that it wasn’t possible for us to examine all the records individually,” the investigators said. “Instead, we looked through a handful of random entries to understand what types of data were exposed in the breach overall.
“In the sample of entries we checked, we found information related to three marijuana dispensaries in… the US. However, this breach affected many more dispensaries.”