Hackers exposed roughly 3.4 million user records, including usernames, email addresses and IP addresses, of marijuana cultivators at GrowDiaries.com, an online community where growers blog about their plants and can sell seeds to other growers.
The security breach happened Sept. 22 and was reportedly discovered Oct. 10 by Volodymyr Diachenko, a database security researcher.
Diachenko said he immediately reported the security breach to GrowDiaries, which secured it five days later.
Diachenko published a report about the incident on LinkedIn on Nov. 3.
GrowDiaries did not immediately respond to a request for comment. It’s not clear how many users GrowDiaries has or if they are primarily commercial or home growers.
The IP addresses span a range of provinces and countries, Diachenko wrote.
The attack poses different threats to users, Diachenko wrote, including phishing attacks and attempts to use the stolen information on other applications.