4500 cannabis buyers' data leaked, AmEx breaches the details of 700 000 customers


Back to news

Ontario Cannabis Store breached the data of 4500 marijuana buyers due to the vulnerability in the Canada Post website. Among the details exposed there were names, delivery information and tracking numbers.

Canada Post was asked by the Ontario Cannabis Retail Corporation to inform the OCS customers promptly as well as to present the proof that the data wasn’t shared.

The CEO of the OCS, the only provider of recreational cannabis in the region, is seriously concerned about Canada Post’s inability to guarantee safety. 4500 customer orders were accessed by an OCS customer “using OCS reference numbers”. No data distributing was observed.

Almost 700 000 American Express clients in India got their personal details compromised. Names, phone numbers, emails and “description filed” kind of data stored on the MongoDB server was exposed online.

The breach was discovered by Bob Diachenko, director of Cyber Risk Research at Hacken, a cyber security company.

While Diachenko claims that the unprotected database is a job of one of the company’s subcontractors, AmEx insist that Bob might be the only one who accessed the information since they didn’t have any “evidence of unauthorised access”. 

The problem was fixed as soon as it was reported though it was not clear for how long the server defense had been crashed.