A recent report from SiliconANGLE released information that cannabis company GrowDiaries suffered a data breach with details of 3.4 million users being exposed online.

The data breach incident was first discovered by security researcher Bob Diachenko on LinkedIn but was indexed by search engine BinaryEdge on September 22nd. The database was not taken down until almost a month later. The data exposure was on an unsecured database that had no passwords. This data includes email addresses, IP addresses, usernames, MD5-hashed passwords, and image URL’s.

GrowDiaries confirmed the database exposure but has not disclosed whether user details have been made available from unwanted third parties.

“This breach is yet another example of a company leaving a server and critical information unsecured without any password protection, an unfortunate trend that has been the cause of many recent leaks,” Dr. Vinay Sridhara, chief technology officer of security posture firm Balbix Inc., told SiliconANGLE.

This data breach was a major learning lesson to make sure that all of your organizational databases secure. This breach could also potentially be a potential gold mine for the bad guys to use this information for future planned social engineering attacks if this information is available on the dark web.