BudTrader 2024 Data Breach
ObscureIQ Breach Intelligence
Moderate SeverityWebsite / service breach
BudTrader Cannabis Marketplace Breach (2024): 2.7 Million User Accounts Including Passwords Exposed
Online cannabis marketplace and classifieds platform.
Verified by ObscureIQ Intelligence
56/100Breach Risk Index
25Data Value
25Market Recency
573dSince Breach
Breach Intelligence Summary
Entity: BudTrader · Actor: Unknown · Sources: 2 references
Attack: Misconfiguration
Profile: Platform · Cannabis marketplace and classifieds · Online listing platform · USA
Timeline: Breach (2024-06-27) · Indexed (Oct 01, 2024) · Year (2024)
Exposure: 2.7M records · 3 fields: Email Address, Password, Username
Status: Confirmed
Executive Summary
BudTrader, a now-defunct online cannabis marketplace and social platform, suffered a data breach that exposed records belonging to approximately 2.7 million users. The breach, which dates to June 2024, was posted for sale on a hacking forum the following month. The exposed data originated from a misconfiguration of the platform, and no external attacker group has been publicly attributed. The breach exposed email addresses, usernames, and WordPress password hashes. Password hashes are encoded versions of passwords that can potentially be cracked, meaning affected users who reused passwords across other sites face a real risk of account takeover. Because BudTrader served a cannabis marketplace, an industry that remains federally illegal in the United States despite state-level legalization, the exposure of user identities carries additional risks. Affected individuals could face legal scrutiny, employment consequences, or reputational harm depending on their jurisdiction and role on the platform. BudTrader made no public statements about the breach before ceasing operations, and no regulatory action or litigation has been documented in connection with the incident. Affected users should treat any passwords shared with their BudTrader account as compromised and update them immediately on any other services where they were reused. Due to the sensitive nature of the platform, this breach is not publicly searchable and is flagged for restricted disclosure.
ObscureIQ assessment: Exposure enables harassment, fraud, and profiling tied to cannabis-related activity. Depending on jurisdiction and role, platform association may also create legal, employment, or reputational risk.
Breach Impact
In July 2024 data from BudTrader dating to the prior month was posted for sale on a hacking forum. The exposed dataset contained approximately 2.7 million email addresses, usernames, and WordPress password hashes. Because BudTrader served a cannabis marketplace — a legal but socially sensitive consumer category — the exposure of user accounts carries elevated privacy implications for affected individuals, which is reflected in the elevated sensitivity tier classification. BudTrader made no public statements about the incident prior to its shutdown. No regulatory action or litigation specific to this breach has been documented.
About BudTrader
BudTrader was an online cannabis marketplace and social platform that connected buyers, sellers, and enthusiasts in legal cannabis markets across the United States. The platform operated as a classifieds-style service for cannabis products and related goods and attracted users in states where cannabis had been legalized for medical or recreational use. BudTrader has since ceased operations.
Why They Hold Your Data
Cannabis marketplaces and classifieds collect user accounts, contact details, listing activity, business relationships, and transaction-intent signals tied to cannabis products or services.
Recent Developments
BudTrader no longer operates. The platform shut down prior to the breach's public disclosure.
Data Points Exposed
3 verified field types
Email Address
Password Critical
Username
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Exploitation & Downstream Threats
Threat Activity:High
Primary downstream threats:
- Credential stuffing against reused passwords across other platforms
- Targeted phishing campaigns using exposed email addresses
Threat vectors:
- Phishing, credential stuffing & account takeover
- Credential stuffing & account takeover
- Cross-platform tracking & credential stuffing
Recommended Actions
If you believe your information may be included:
Change Reused Passwords
Update this account and anywhere you reused the password; use a manager.
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
Frequently Asked Questions
What happened in the BudTrader breach?▾
BudTrader, a now-defunct online cannabis marketplace and social platform, suffered a data breach that exposed records belonging to approximately 2.7 million users. The breach, which dates to June 2024, was posted for sale on a hacking forum the following month. The exposed data originated from a…
What data was exposed?▾
Verified fields include Email Address, Password, Username.
What should I do if I was affected?▾
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Sources & References
Every claim on this page is traceable. This breach draws on:
Breach Index
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Protect Yourself
Check If You're Affected
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
High-Risk? Get an Exposure Audit
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation