Nearly 985,000 cannabis club identity documents were reportedly exposed through public URLs linked to Cannabis Club Systems and PuffPal, raising serious questions about how the industry protects sensitive user data. The incident underscores why privacy is especially critical in cannabis, where leaked information can affect not only finances, but also employment, immigration, reputation, and legal exposure.
How often does a local cannabis club member smoke? What about a tourist? Which strains do they choose? This kind of personal information can be found in the databases of cannabis clubs in Spain and around the world. Fortunately, all this data is stored securely in software systems designed to keep it safe. Or at least, that’s how it should be…
This week, that security chain broke when one of the systems most widely used by cannabis clubs, Cannabis Club Systems, left more than 985,000 identity documents exposed and easily accessible through public URLs without basic controls. While this was supposedly a technical failure, it also raises some more uncomfortable questions, such as how prepared the cannabis industry is to protect one of the most sensitive forms of information it receives from users: their identity.
What Happened?
When you walk into a cannabis club—whether you’re there to become a member or simply as a visitor—it’s very common for staff to collect your personal information for security purposes. This includes a photo of your ID, your age, your nationality, your name, and a photo of your face, among other things. But after that, who stores all this personal information? Where are these documents stored? Who can see them?
A security researcher named Sammy Azdoufal put one of the companies most widely used by cannabis clubs on the defensive after revealing that this information was apparently not as well protected as it should …
Read More
Author: Camila Berriex / High Times