Walgreens, the popular pharmacy store in the United States, has recently admitted to a security flaw. As revealed, a bug in the Walgreens mobile app leaked users' data.
Walgreens App Leaked Data
The second-largest pharmacy store, Walgreens, has recently admitted to a security incident. It turns out that the Walgreens mobile app leaked users' personal data online due to a bug.
Disclosing the incident via a breach notification letter sent to their users, the company stated that they noticed a flaw with their mobile app’s personal secure messaging feature. This flaw exposed users’ personal messages to other users.
"Our investigation determined that an internal application error allowed certain personal messages from Walgreens that are stored in a database to be viewable by other customers using the Walgreens mobile app."
As they observed, some of the exposed messages contained users' health-related information.
Specifically, the exposed details included users' first names, last names, prescription number, drug name, shipping address, and store number. Fortunately, it did not include any financial information or sensitive details such as Social Security Numbers.
Bug Now Fixed
Upon discovering the flaw, Walgreens immediately worked to resolve the matter. First, they temporarily disabled the message viewing feature to prevent further exposure of data. Then, they resolved the technical glitch.
Nonetheless, since the incident did affect some users, the company reached out to them via an incident disclosure.
"We believe that you were part of the impacted customer group and that one or more personal messages containing your limited health-related information may have been viewed by another customer on the Walgreens mobile app between January 9, 2020, and January 15, 2020."