Walgreens, the popular pharmacy store in the United States, has recently confessed to a security flaw. As revealed, a bug existed in the Walgreens mobile app that consequently leaked data of users.
Walgreens App Leaked Data
The second-largest pharmacy store Walgreens has recently admitted a security incident. It turns out that the Walgreens mobile app leaked users’ personal data online due to a bug.
Disclosing the incident via a breach notification letter sent to their users, the company stated that they noticed a flaw with their mobile app’s personal secure messaging feature. This flaw exposed users’ personal messages to other users.
Our investigation determined that an internal application error allowed certain personal messages from Walgreens that are stored in a database to be viewable by other customers using the Walgreens mobile app.
As they observed, some of the exposed messages contained health-related information of users.
Specifically, the exposed details included users first names, last names, prescription number, drug name, shipping address, and store number. Fortunately it did not include any financial information or sensitive details such as Social Security Numbers.
Bug Now Fixed
Upon discovering the flaw, Walgreens immediately worked to resolve the matter. First, they temporarily disabled the message viewing feature to prevent further exposure of data. Then, they resolved the technical glitch.
Nonetheless, since the incident did affect some users they reached out to them via incident disclosure.
We believe that you were part of the impacted customer group and that one or more personal messages containing your limited health-related information may have been viewed by another customer on the Walgreens mobile app between January 9, 2020, and January 15, 2020.
Let us know your thoughts in the comments.
Latest posts by Abeerah Hashim (see all)
- Largest Hacking Campaign Since 2015 Targeted Magento Stores Via Unpatched Bug - September 16, 2020
- Ransomware Attack Targets Equinix Data Center Provider - September 16, 2020
- Raccoon Attack Aims At Breaking TLS Encryption – Though Attack Is ‘Rare’ - September 16, 2020