Letting the world know you sell marijuana — even exclusively for medical purposes — is something not every medical marijuana employee is comfortable with. There’s still a stigma when it comes to pot, not to mention the dangers of associated with possessing a substance that a lot of people would probably like to steal from you. Members of Nevada’s medical marijuana program now have that cloud hanging over them as the state’s application database was wide open for anyone who wanted to sneak a peek, exposing over 11,000 applications that revealed details like home address, phone number and even full Social Security numbers.
As the Daily Dot reports, the database vulnerability was discovered by Justin Schafer, a security researcher who focuses on medical services. Schafer was able to access PDFs of application forms with nothing more than a simple Google search, which has since been duplicated and verified.
The applications exposed by the leaky database are from individuals who have applied to work at marijuana dispensaries all over Nevada. Some 11,700 individuals are impacted by the undeniably lax security of the state’s program, which also exposed birthdates, names, and driver’s license numbers. The entire database has since been taken offline, presumably to rectify the glaring flaw.
It’s not clear exactly what the Nevada Division of Public and Behavioral Health had in mind when it made the application PDFs so easily accessible, but it obviously wasn’t terribly well thought out. As for those whose information was included in the massive leak, hopefully nobody shows up at their front door looking for a quick fix or a friendly discount.