Green-fingered individuals looking to share tips or expand their knowledge on growing the “Kind Bud” on the website GrowDiaries may be disappointed to discover that their data was left vulnerable. Two exposed Kibana applications, each connected to an Elasticsearch database, put account credentials and IP addresses at risk of exposure.
GrowDiaries resolved the security holes after Bob Diachenko, a prominent data leak security researcher, notified them of their mistake. It is still unknown whether anyone exported any of the data from the exposed database.
Does this story sound familiar? Well, just replace the name of the company, the vulnerable technologies, and the researcher, and you have the same story echoed almost daily in the news about a new data breach. But hey, bad publicity for these companies is a good reminder to remain vigilant about how and where you share your information.
If you can’t trust a company with your password, then consider using a different password for each account you have. This may mean using a password manager to relieve the burden of memorizing passwords. Do you have an account on GrowDiaries but live in a country where marijuana cultivation is a serious crime? You may want to think twice about how you connect to a site like GrowDiaries if you believe exposing your IP address puts you at risk from the authorities. One possible mitigation against exposing your IP address is to connect through a VPN, although address leakage is still possible.