This article has been updated to include a response from GrowDiaries.
Hackers exposed roughly 3.4 million user records, including usernames, email addresses and IP addresses, of marijuana cultivators at GrowDiaries.com, an online community where growers blog about their plants and can sell seeds to other growers.
The security breach happened Sept. 22 and was reportedly discovered Oct. 10 by Volodymyr Diachenko, a database security researcher.
Diachenko said he immediately reported the security breach to GrowDiaries, which secured it five days later.
Diachenko published a report about the incident on LinkedIn on Nov. 3.
The IP addresses span a range of provinces and countries, Diachenko wrote.
The attack poses different threats to users, Diachenko wrote, including phishing attacks and attempts to use the stolen information on other applications.
A representative from GrowDiaries disputed Diachenko’s report in an email, asserting that the company “never acknowledged the incident” and that the data that was allegedly compromised was only test data.
GrowDiaries also said it is based outside of the United States, and has about 30,000 accounts.