Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

A bug in the Walgreens mobile app leaked customers’ messages

Pharmacy store chain Walgreens has disclosed a data breach that impacted some customers of its mobile application. Pharmacy store chain Walgreens has disclosed a data breach that impacted some customers of its mobile application. The mobile app allows users to refill prescriptions by scanning barcode, manage medications with Pill Reminder, set Rx alerts for refills […]

Walgreens

Pharmacy store chain Walgreens has disclosed a data breach that impacted some customers of its mobile application.

Pharmacy store chain Walgreens has disclosed a data breach that impacted some customers of its mobile application.

The mobile app allows users to refill prescriptions by scanning barcode, manage medications with Pill Reminder, set Rx alerts for refills and pickups, set up a video chat with doctors, refill and check prescription status, print photos, create personalized folded photo cards, and customize décor items.

The app already has over 10,000,000 millions of Android installs individuals and 50 million iOS installs.

According to the company, customers’ messages within the Walgreens mobile application may have been viewed by other users due to a bug in the personal secure messaging feature. The company discovered the issue on January 15, 2020, data was exposed between January 9 and January 15, 2020.

“We recently learned of unauthorized disclosure of one or more of your secure messages within the Walgreens mobile app. We are contacting you to provide you with information about the incident and also with information about steps you can take to protect yourself.” reads the data breach notification letter sent to the users.

“Our investigation determined that an internal application error allowed certain personal messages from Walgreens that are stored in a database to be viewable by other customers using the Walgreens mobile app. Once we learned of the incident, Walgreens promptly took steps to temporarily disable message viewing to prevent further disclosure and then implemented a technical correction that resolved the issue,”

Walgreens

The investigation conducted by the company revealed that information accessed by other customers might include first and last name, prescription number and drug name, store number, shipping address where applicable. The company revealed that financial information, such as Social Security number or bank account information, was not exposed.

At the time, it is nor clear how many customers have been affected.

Walgreens disabled the message viewing feature implemented in the mobile app to prevent further disclosure, meantime the company is working at a permanent correction.

“Walgreens promptly took steps to disable the message viewing feature within the Walgreens mobile app to prevent further disclosure until a permanent correction was implemented to resolve the issue. Walgreens will conduct additional testing as appropriate for future changes to verify the change will not impact the privacy of customer data,” concludes the notification.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – mobile app, data leak)

[adrotate banner=”5″]

[adrotate banner=”13″]