Pharmacy store chain Walgreens has disclosed a data breach that impacted some customers of its mobile application.
The mobile app allows users to refill prescriptions by scanning
The app already has over 10,000,000 millions of Android installs individuals and 50 million iOS installs.
According to the company, customers’ messages within the Walgreens mobile application may have been viewed by other users due to a bug in the personal secure messaging feature. The company discovered the issue on January 15, 2020, data was exposed between January 9 and January 15, 2020.
“We recently learned of unauthorized disclosure of one or more of your secure messages within the Walgreens mobile app. We are contacting you to provide you with information about the incident and also with information about steps you can take to protect yourself.” reads the data breach notification letter sent to the users.
“Our investigation determined that an internal application error allowed certain personal messages from Walgreens that are stored in a database to be viewable by other customers using the Walgreens mobile app. Once we learned of the incident, Walgreens promptly took steps to temporarily disable message viewing to prevent further disclosure and then implemented a technical correction that resolved the issue,”
The investigation conducted by the company revealed that
At the time, it is nor clear how many customers have been affected.
Walgreens disabled the message viewing feature implemented in the mobile app to prevent further disclosure, meantime the company is working at a permanent correction.
“Walgreens promptly took steps to disable the message viewing feature within the Walgreens mobile app to prevent further disclosure until a permanent correction was implemented to resolve the issue. Walgreens will conduct additional testing as appropriate for future changes to verify the change will not impact the privacy of customer data,” concludes the notification.
(SecurityAffairs – mobile app, data leak)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.