Cannabis users have long worried about privacy, and this latest leak shows why.
A major data breach tied to PuffPal, a software platform used by cannabis clubs for memberships and ID verification, exposed nearly one million user records. The leaked information reportedly included passports, driver’s licenses, selfies, phone numbers, and even personal cannabis preferences.
The problem? Sensitive files were reportedly accessible online through predictable web links with weak security.
That’s a huge problem—especially in cannabis.
Customers often provide highly personal information just to access legal cannabis clubs, including IDs, addresses, phone numbers, and usage details. When that data gets exposed, the risks can include identity theft, job-related issues, legal complications, and major privacy concerns.
This leak is a clear warning for the cannabis industry.
As legal cannabis expands, companies are collecting more customer data than ever before. But collecting that data also means protecting it.
Because nobody signs up for a cannabis club expecting their personal information to end up exposed online.
Dabbin-Dad Newsroom
