• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Data Breaches, A Thorn in Both Your Side and Mine

November 9, 2020 By Josh Stuifbergen

 

Green fingered individuals looking to share tips or expand their knowledge on growing the “Kind Bud” on the website GrowDiaries may be disappointed to discover their data was left vulnerable. The information left exposed by two Kibana applications, each connected to an Elasticsearch database, risked exposure of account credentials and IP addresses.

GrowDiaries resolved the security holes after Bob Diachenko, a prominent data leak security researcher, notified them of their mistake. It is still unknown whether anyone exported any of the data from the exposed database.

Does this story sound familiar? Well, just replace the name of the company, vulnerable technologies, and researcher, and you have the same story echoed almost daily in the news about a new data breach. But hey, bad publicity for these companies is a good reminder for yourself to remain vigilant about how and where you share your information.

If you can’t trust a company with your password, then consider using a different password for each account you have. This may mean using a password manager to relieve the burden of memorizing passwords. Do you have an account on GrowDiaries but live in a country where marijuana cultivation is a serious crime? You may want to think twice about how you connect to a site like GrowDiaries if you believe exposing your IP address leaves you at risk to the authorities. Possible mitigations to exposing your IP address could be through a VPN (address leakage is still possible).

Share This:

Related

Filed Under: Editorial Articles

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • US National Cybersecurity Strategy
  • Here Come The Regulations
  • Cybersecurity’s Toll on Mental Health

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • The NSA’s Guidance on Securing Authentication
  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
  • US National Cybersecurity Strategy
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use