The data of over 11,700 Nevada residents who applied to sell medicinal marijuana has been leaked due to a website bug, announced the Nevada Department of Health and Human Services. The vulnerability was detected by security researcher Justin Shafer who started informing dispensaries about the issue.
The applications were eight pages long and included information such as the applicants’ names, home addresses, weight, height, race, hair and eye color, citizenship, and driver’s license and Social Security numbers.
The Nevada Department of Health and Human Services took down the website to prevent other security complications, yet some are concerned that criminals may have already received the leaked information. The website will stay offline until all bugs are fixed.
The Nevada Department of Health and Human Services confirmed to ZDNet that the information was accidentally published online and that it was only “’a portion’ of one of several databases.”
One of the first states to legalize marijuana for medicinal purposes, the drug has been legal in Nevada since 2000. This means some information in the applications could be outdated, but officials haven’t disclosed how old the applications are. In coming days, the victims will be informed about the breach so they can take proper measures and beware of possible fraudsters.