- The flaw existed in the search function of AltMed website.
- It allowed anyone to view customers’ data by just using the site’s search function.
A flaw in the Florida-based AltMed website, a site that distributes marijuana, resulted in exposing customers’ information. The flaw allowed anyone to view customers’ data by just using the site’s search function. In the wake of the data leak, the firm took down its site and began notifying its customers about the breach.
The medical marijuana website AltMed, which also operates under the name of MüV, was informed about the flaw in its website's search function by a customer on the firm’s Facebook page. The firm immediately took down the site and hired a security firm to resolve the issue.
“Within 10 minutes, our Information technology staff removed the search engine function. We then retained Kroll, Inc. an industry leader in data risk and security,” said the company, SC Magazine reported.
The site continues to remain offline and all sections of the site that contain customer information have been disabled temporarily. The number of customers affected and the type of information exposed in the leak is still unknown. However, the company believes that the flaw in the search function may have exposed a limited amount of data.
“Based on the forensic review thus far it appears that there was limited access to the site with limited information accessed. The review will continue until we fully understand what happened and who is responsible,” said the company, SC Magazine reported.