One of the largest pharmacy chains in the United States, Walgreens (over 9,000 pharmacies in 50 states), reportedthat in its official mobile application there was a bug that revealed the personal data of users. The Walgreens Android app has over 10,000,000 downloads on Google Play, and the iOS app has over 2,500,000 million ratings.
It is reported that the bug was active from January 9 to January 15, 2020. The company describes the problem as “an error in the secure messaging feature.” Due to this vulnerability, some users could gain access to other people's personal data, including information such as first name and surname, prescription drug information, store numbers and delivery addresses, if available. User financial data was not affected.
Representatives of the company did not specify what percentage of users was affected by the leak, but it is emphasized that confidential data on prescribed medications were revealed only to a small percentage of victims.
“Walgreens immediately took measures to disable the function of viewing messages in a mobile application in order to prevent further disclosure of information until a permanent fix is issued to solve this problem,” the company said.