Leafly, one of the largest cannabis websites, has revealed it suffered a data breach that affected some of its customers.
A MobileSyrup reader received an email that is being sent to affected Leafly customers. In the email, which was obtained by MobileSyrup, Leafly said that on September 30th “a set of Leafly user records dated July 2, 2016 held in a secondary Leafly database was disclosed without permission.”
Leafly said in the notice that the user’s email address, the username that was created and an encrypted password from 2016 were included in the records.
“Leafly does not collect credit card information or national identification numbers,” the email read.
MobileSyrup has reached out to Leafly to learn how many customers have been affected and, of those, how many are Canadian.
The cannabis company said that it is “proactively reaching out to all affected customers,” and it has removed the database that has been implicated in this incident.
It added that it has also “retained a forensic security auditor to evaluate the situation,” and is reviewing its procedures and practices for securing personal data.
Leafly added that there is no evidence that “our production website was compromised,” but said customers should change passwords on Leafly and other services.
“If you share passwords across services and haven’t updated them recently, and you haven’t reset your Leafly password, we recommend you do so now,” the email read.
The Seattle, Washington-based company gets over 15 million monthly visitors and 40 million page views across its website and mobile applications.
The site lets users rate and review different strains of cannabis and cannabis dispensaries.
The company has stores in Los Angeles, Portland, San Francisco, Detroit and Toronto.