Nevada Website Bug Leaks Thousands of Medical Marijuana Dispensary Applications



An anonymous reader quotes a report from ZDNet: Nevada’s state government website has leaked the personal data on over 11,700 applicants for dispensing medical marijuana in the state. Each application, eight pages in length, includes the person’s full name, home address, citizenship, and even their weight and height, race, and eye and hair color. The applications also include the applicant’s citizenship, their driving license number (where applicable), and social security number. Security researcher Justin Shafer found the bug in the state’s website portal, allowing anyone with the right web address to access and enumerate the thousands of applications. Though the medical marijuana portal can be found with a crafted Google search query, we’re not publishing the web address out of caution until the bug is fixed. A spokesperson for the Nevada Dept. Health and Human Services, which runs the medical marijuana application program, told ZDNet that the website has been pulled offline to limit the vulnerability. The spokesperson added that the leaked data was a “portion” of one of several databases.

On this topic: ( from category )

    Leave feedback

    Your email address will not be published. Required fields are marked *

    *
    *

    five × 5 =

    Top