Pharmacy store chain Walgreens has disclosed a data breach that impacted some customers of its mobile application.
The mobile app allows users to refill prescriptions by scanning
The app already has over 10,000,000 millions of Android installs individuals and 50 million iOS installs.
According to the company, customers’ messages within the Walgreens mobile application may have been viewed by other users due to a bug in the personal secure messaging feature. The company discovered the issue on January 15, 2020, data was exposed between January 9 and January 15, 2020.
“We recently learned of unauthorized disclosure of one or more of your secure messages within the Walgreens mobile app. We are contacting you to provide you with information about the incident and also with information about steps you can take to protect yourself.” reads the data breach notification letter sent to the users.
“Our investigation determined that an internal application error allowed certain personal messages from Walgreens that are stored in a database to be viewable by other customers using the Walgreens mobile app. Once we learned of the incident, Walgreens promptly took steps to temporarily disable message viewing to prevent further disclosure and then implemented a technical correction that resolved the issue,”
The investigation conducted by the company revealed that
At the time, it is nor clear how many customers have been affected.
Walgreens disabled the message viewing feature implemented in the mobile app to prevent further disclosure, meantime the company is working at a permanent correction.
“Walgreens promptly took steps to disable the message viewing feature within the Walgreens mobile app to prevent further disclosure until a permanent correction was implemented to resolve the issue. Walgreens will conduct additional testing as appropriate for future changes to verify the change will not impact the privacy of customer data,” concludes the notification.
|[adrotate banner=”9″]||[adrotate banner=”12″]|
(SecurityAffairs – mobile app, data leak)