Walgreens, the second-largest pharmacy store in the US, stated that their official mobile app contained a bug which exposed the personal details of some of its users.
The leak occurred due to an error within the Walgreens mobile app personal secure messaging feature and it exposed details such as first and last name, prescription details, store number, and shipping addresses, where available.
According to the breach notification letter by the company sent to its customers, it was found from their investigation that an internal application error allowed certain personal messages from Walgreens that are stored in a database to be viewable by other customers using the Walgreens mobile app.
Due to the mobile app error, the users were possible to view other users’ personal data and drug prescription details for a week, between January 9 and January 15.
The company fixed the bug on the day it came to know about the error which was on January 15.
Walgreens took the necessary measures to disable the message viewing feature within their mobile app to prevent further disclosure until a permanent correction was implemented to resolve the issue.
They will conduct additional testing which is necessary for future changes to verify that the change will not affect the privacy of customer data.
However, the company did not reveal how many of the app’s users were affected by the bug. They confirmed that sensitive drugs prescription details of only a small percentage of users were only exposed.
The Walgreens Android app has been downloaded by more than 10 million users on the Google Play Store. Even though the app’s iOS page does not indicate the download count, the iOS app has more than 2.5 million ratings.