Cannabis News Website “Leafly” Exposes Customer Information

Last updated October 12, 2019
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

Data leaks are always bad, but when they concern about controversial topics like cannabis, sex orientation, illness, etc., they are even worse. Leafly, one of the world’s most popular cannabis news sources, has exposed customer info after mistakenly leaving a database unprotected. The company has discovered its blunder on September 30, 2019, and has sent warning notices to the affected users. The records that have been exposed data back to July 2, 2016, and contain user email addresses, usernames, encrypted passwords, names, ages, gender, location, and mobile numbers. As Leafly urged the affected in their notice, it would be a good idea to immediately change passwords across all online services that you’re using.

Leafly has 10 million active users every month, and 1.4 million reviews about cannabis strains, dispensaries, and various related products. Recently, the company organized an online education program for training “budtenders”, trying to help their followers to find a job in an emerging and growing market. These people have entered their payment details online, so naturally, they were worried about the breach. Leafly clarifies that the exposed database is just a secondary one, so there were no credit card details involved in the incident.

Right now, Leafly is working with a third party forensic security auditor to help them identify all the aspects of the breach, as well as to secure their systems in a way that minimizes the chances of such an incident occurring again in the future. Besides their sincere apologies to their audience, they are also urging people to contact their customer support team at “[email protected]” and address any questions or concerns that they may have. For now, the website chose not to disclose the actual number of the affected users, and their website remains free of any announcements of this kind.

While the world seems to be turning a page in relation to cannabis, the substance is still considered a dangerous and highly addictive drug for many. That said, the stigma that accompanies the people who are active in this field is still very much a thing. That said, if you’re interested in cannabis, either as a lover of the plant or from a business perspective, be very careful with your personal information and which platforms you choose to share it with. If possible, use email addresses and usernames that don’t reveal your real name.

Are you for or against global cannabis legalization? Share your thoughts with us in the comments down below, or on our socials, on Facebook and Twitter



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: