back to article Sorry to be blunt about this... Open AWS S3 storage bucket just made 30,000 potheads' privacy go up in smoke

A tech biz specializing in software for marijuana dispensaries inadvertently exposed to the public internet a database containing tens of thousands of mellow Americans' personal information. The leak-busting team at vpnMentor took credit for unearthing the unprotected Amazon Web Services S3 storage bucket, owned by THSuite, a …

  1. Androgynous Cow Herd

    Dude...Where's my data?

    IF this included medical dispensaries, How about thousands of HIPAA violations on top of the normal data breach stuff....

    1. macjules

      Re: Dude...Where's my data?

      S3 major breaches list: https://github.com/nagwww/s3-leaks

      1. disgruntled yank

        Re: Dude...Where's my data?

        An S3 leak list that ends in 2018 is something like one of those old globes one encounters at yard sales that shows Czechoslovakia. Actually, given the speed of the internet, maybe I should say "shows the Ottoman Empire".

        1. ab-gam

          Re: Dude...Where's my data?

          I think I'd actually like a globe that shows Czechoslovakia. I wonder if it's too cold for proper yard sales this weekend?

  2. fredesmite
    Mushroom

    Dave is that you ?

    Dave who ?

    Dave - YOU - man - you are DAVE

    No man , Dave's not here

    1. Anonymous Coward
      Anonymous Coward

      Re: Dave is that you ?

      Did I say Dave? I meant Fred.

  3. skeptical i

    dang vape-r-ware

  4. jake Silver badge

    At this stage of the game, one has to ask ...

    ... are the people still using AWS stoned, or just naturally stupid?

    1. John Geek
      Facepalm

      Re: At this stage of the game, one has to ask ...

      .... Yes....

    2. This post has been deleted by its author

    3. Anonymous Coward
      Anonymous Coward

      Re: At this stage of the game, one has to ask ...

      "are the people still using AWS stoned, or just naturally stupid?"

      Cloud, shiney, new.

      Did I mention shiney?

      It seems like an IQ test should be required to use AWS services, because there are a lot of dumb fucks out there using it

  5. Anonymous Coward
    Anonymous Coward

    instead of credit monitoring...

    maybe I can have an oz of sour diesel as compensation for my loss of privacy...?

  6. Korev Silver badge
    Coat

    It looks like their security has gone to pot...

    1. Korev Silver badge
      Coat

      Weed need to look at this breach carefully...

    2. macjules
      Facepalm

      It's all gone Up In Smoke ...

  7. israel_hands
    Flame

    You Keep Knocking But You Can't Come Eeeeen!

    More important than the data breach itself, what the fuck is the poor girl in the header image smoking? Why the fuck do yanks insist on smoking their greenery in those brown skins? Are they liquirice flavoured or has someone dropped it in a mug of coffee and then left it drying on the radiator? And don't get me started on those vile flavoured blunt things that are more like a slighlty moist camping mat than a proper Vera.

    The only reason to roll anything in a flavoured skin is if the stuff you've been sold tastes like flaming dog shit when you spark up. And if it does, then you need to sort out your supply chain, not attempt to mitigate the taste by wrapping it in a bubblegum flavoured rattan mat. Fucking Philistines.

    Have the yanks yet to be introduced to the gold standard of rolling materials, the silver Rizla?

    1. jake Silver badge

      Re: You Keep Knocking But You Can't Come Eeeeen!

      "what the fuck is the poor girl in the header image smoking?"

      Look up RAW brand papers. Made from the purest unbleached hemp fibers, so you're not ingesting anything that you hadn't planned on ingesting. Not that I'd expect a typical stoner to give a rat's ass ... they certainly don't bother looking up their options for themselves. "Too much trouble, man, I'll just stick to what my "friends" told me. They've been pot-heads for decades, so obviously know everything there is to know on the subject."

      Apparently the mind is a terrible thing, so let's get wasted ...

  8. MadAsHell

    But the weed smokers won't care, will they! Too high to care.

  9. ItsMeDammit

    "A spokesperson for THSuite could not be reached for immediate comment."

    Give him an hour, get a kebab in and in the mean time don't make any sudden movements or loud noises. He'll get back to you.

  10. This post has been deleted by its author

  11. 89724102172714182892114I7551670349743096734346773478647892349863592355648544996312855148587659264921

    Whatsapp c*ck?

  12. Nick Ryan Silver badge

    Developers and security...

    Sounds like the typical situation when the typical developer is let loose with security settings... because access to the world is not the default.

    Of couse all applications absolutely require full adminstrator level access to the entire local system. And to the database. And to the domain too, just in case. This is much easier than a developer thinking and working out the absolute mimimum access rights that are necessary and assigning just that and nothing else particularly when security is something that can be cobbled into a system later if remembered. It's also very important when doing this that the super-administrator fallback support password is safely encoded using ROT26 for all applications. In the application itself.

  13. Snake Silver badge

    in all seriousness...

    Considering that Amazon rolled out their bucket security checker late last year (see: El Reg coverage), how could this [apparently utterly incompetent] IT department allow this to happen? Without someone's head rolling into the gutter like a 'good' day in the French Revolution??

    Seriously, not just standard-level incompetence but complete and world class considering the warnings both in tech news and via Amazon's AWS email updates (got one myself).

  14. DartfordMan

    But we know that putting all our data on the cloud run by clowns, sorry, that should read 'large corporations who promise our data are all highly secure and can never be hacked, lost, or released to the world - until it is', is totally and entirely safe. I for one trust AWS, Google, IBM and the other one who I've forgotten, to be entirely trustworthy and responsible, despite all the evidence to the contrary. Why should I feel any concern about the publication of all my information anyway? What's the worst that can happen?

  15. Drew Scriver

    Could be awkward for Green Card holders, as it's still a federal crime to smoke weed.

    Come to think of it - Green Card - could be a good name for dispensary card too, right?

  16. Anonymous Coward
    Anonymous Coward

    Maryland

    Ft. Meade. Federal offense. That's all, Folks!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like