Walgreens, the second-largest pharmacy retailer within the US, mentioned on Friday that its official mobile app contained a bug that uncovered the private particulars of a few of its customers.
The leak, described as "an error within the Walgreens mobile app personal secure messaging feature," exposed details such as first and last name, prescription details, store number, and shipping addresses, where available.
“Our investigation decided that an inside utility error allowed sure private messages from Walgreens which are saved in a database to be viewable by different clients utilizing the Walgreens cellular app,” the corporate mentioned in a breach notification letter it despatched clients.
The mobile app error that allowed users to view other users' personal data and drug prescription details only last for a week, between Thursday, January 9, and Wednesday, January 15.
Walgreens said it fixed the bug on the day it learned of the error, on January 15.
“Walgreens promptly took steps to disable the message viewing characteristic inside the Walgreens cellular app to forestall more disclosure till an everlasting correction was carried out to resolve the difficulty,” it mentioned.
"Walgreens will conduct other testing as proper for future changes to verify the change will not impact the privacy of customer data."
The corporate didn’t say how most of the app’s customers have been impacted by the bug, but it surely did say that delicate medicine prescription particulars have been solely uncovered for a small proportion of the full customers who have been affected.
The Walgreens Android app lists more than 10 million downloads on the Google Play Store. The app's iOS page does not list a download count, but the iOS app has more than 2.5 million ratings.