Configuration snafu exposes passwords for two million marijuana growers
GrowDiaries, an online community where marijuana growers can blog about their plants and interact with other farmers, has suffered a security breach in September this year.
The breach occurred after the company left two Kibana apps exposed on the internet without administrative passwords. Kibana apps are normally used by a company's IT and development staff, as the app allows programmers to manage Elasticsearch databases via a simple web-based visual interface.
Due to its native features, securing Kibana apps is just as important as securing the databases themselves. But in a report published today on LinkedIn, Bob Diachenko, a security researcher known for discovering and reporting unsecured databases, said GrowDiaries failed to secure two of its Kibana apps, which appear to have been left exposed online without a password since September 22, 2020.