Password weak hashes have been exposed

Recently, there is community website called cannabis have been exposed around 3.4 Million user records which it include some information related to individuals from the countries.

On October 10, Bob Diachenko have discovered an unprotected database even though the database was indexed by BinaryEdge search engine around September 22.

The database’s name users that have around 1.4 million records reside in the database including those details

  • Email
  • IP Address
  • Username

Another database’s name reports that have around 2 million records reside in the database including those details

  • Email
  • User posts
  • Username
  • MD5-hashed account passwords
growdiaries-password.jpg

Source: Bob Diachenko

Bob Diachenko said

These two Kibana apps granted attackers access to two sets of Elasticsearch databases, with one storing 1.4 million user records and the second holding more than two million user data points.

Reference: Weak Hash Exposes Millions of Passwords on Cannabis Site

Author: Wan Ariff

He brings with him working experience in Information Security filed which specializing in Penetration Testing and Digital Forensic. His passion is more to IT Security

Leave a Reply

Your email address will not be published. Required fields are marked *