A flaw in the Walgreens mobile app has leaked messages from consumers
The Walgreens drug store chain has revealed a data breach that has upset some of its mobile application clients.
The mobile app allows users to redeem drugs by scanning a barcode, handling Pill Reminder medicines, setting up Rx reminders for refills and deliveries, setting up a video call with physicians, refilling and reviewing drug status, printing pictures, making personalized folded picture cards and customizing decorative items.
The software already has more than 10million Android installers, and 50 million iOS installs.
According to the firm, messages from consumers within the Walgreens mobile app may have been seen by other users because of a flaw in the personal secure messaging function. On January 15, 2020, the organization discovered the problem, and between January 9 and January 15, 2020, data was released.
Dear Sample A Sample:
We recently learned of unauthorized disclosure of one or more of your secure messages within the
Walgreens mobile app. We are contacting you to provide you with information about the incident and also
with information about steps you can take to protect yourself.
On January 15, 2020, Walgreens discovered an error within the Walgreens mobile app personal secure
messaging feature. Our investigation determined that an internal application error allowed certain personal
messages from Walgreens that are stored in a database to be viewable by other customers using the
Walgreens mobile app. Once we learned of the incident, Walgreens promptly took steps to temporarily
disable message viewing to prevent further disclosure and then implemented a technical correction that
resolved the issue.
As part of our investigation, Walgreens determined that certain messages containing limited health-related
information were involved in this incident for a small percentage of impacted customers. We believe that
you were part of the impacted customer group and that one or more personal messages containing your
limited health-related information may have been viewed by another customer on the Walgreens mobile
app between January 9, 2020 and January 15, 2020.
The company’s investigation revealed that records obtained by other companies could include first and last name, identification number and product brand, pharmacy location, shipping address where appropriate. The business also confirmed that there was no access to financial information, such as Social Security number or bank account information.
Still it is not known how many consumers were impacted at the moment.
To prevent more exposure, Walgreens removed the notification display functionality introduced in the mobile app while the organization is working on a permanent fix.