BudTrader, a now-defunct online cannabis marketplace and social platform, suffered a data breach that exposed records belonging to approximately 2.7 million users. The breach, which dates to June 2024, was posted for sale on a hacking forum the following month. The exposed data originated from a misconfiguration of the platform, and no external attacker group has been publicly attributed. The breach exposed email addresses, usernames, and WordPress password hashes. Password hashes are encoded versions of passwords that can potentially be cracked, meaning affected users who reused passwords across other sites face a real risk of account takeover. Because BudTrader served a cannabis marketplace, an industry that remains federally illegal in the United States despite state-level legalization, the exposure of user identities carries additional risks. Affected individuals could face legal scrutiny, employment consequences, or reputational harm depending on their jurisdiction and role on the platform. BudTrader made no public statements about the breach before ceasing operations, and no regulatory action or litigation has been documented in connection with the incident. Affected users should treat any passwords shared with their BudTrader account as compromised and update them immediately on any other services where they were reused. Due to the sensitive nature of the platform, this breach is not publicly searchable and is flagged for restricted disclosure.

Cannabis marketplaces and classifieds collect user accounts, contact details, listing activity, business relationships, and transaction-intent signals tied to cannabis products or services.

BudTrader no longer operates. The platform shut down prior to the breach's public disclosure.