Multiple security experts told Recode that the vulnerabilities found on the site are basic issues that the website of one of the largest pharmacy chains in the United States should have known to avoid. The data exposure potentially affects millions of people who used - or continue to use - Walgreens’ Covid-19 testing services over the course of the pandemic. In some cases, even the results of these tests could be gleaned from that data.

If you got a Covid-19 test at Walgreens, your personal data - including your name, date of birth, gender identity, phone number, address, and email - was left on the open web for potentially anyone to see and for the multiple ad trackers on Walgreens’ site to collect.

“Protecting personal information of our customers and patients is always one of our highest priorities, which we take very seriously,” the company said. Walgreens told Recode that it added “an additional layer” to the site out of an abundance of caution, adding that it was not aware of any credible evidence of unauthorized access to patient data.

Ruiz said he would prefer a more secure verification method, like a password, and noted that the application programming interface (API), which allows Walgreens and its advertisers to communicate with each other and exchange data, remains active. Multiple ad trackers are still present on the patient pages.

Alejandro Ruiz, a consultant with Interstitial Technology PBC who first discovered the potential data leak, told Recode that he didn’t think Walgreens’ fix was good enough. With the new authentication screen, anyone who wants to access the test confirmation pages must now enter the patient’s date of birth first.

Update, September 20: Several days after this story published, and after denying that its original page set-up was insecure, Walgreens added an authentication screen to its Covid-19 test confirmation pages, making it more difficult for bad actors to access the information.