Walgreens, the second-largest pharmacy store in the US, said on Friday that its official mobile app contained a bug that exposed the personal details of some of its users.
The leak, described as “an error within the Walgreens mobile app personal secure messaging feature,” exposed details such as first and last name, prescription details, store number, and shipping addresses, where available.
“Our investigation determined that an internal application error allowed certain personal messages from Walgreens that are stored in a database to be viewable by other customers using the Walgreens mobile app,” the company said in a breach notification letter it sent customers.
The mobile app error, which allowed users to view other users’ personal data and drug prescription details, lasted only a week, between Thursday, January 9, and Wednesday, January 15.
Walgreens said it fixed the bug on the day it learned of the error, on January 15.
“Walgreens promptly took steps to disable the message viewing feature within the Walgreens mobile app to prevent further disclosure until a permanent correction was implemented to resolve the issue,” it said.
“Walgreens will conduct additional testing as appropriate for future changes to verify the change will not impact the privacy of customer data.”
The company did not say how many of the app’s users were impacted by the bug, but it did say that sensitive drug prescription details were exposed for only a small percentage of the total users who were affected.
The Walgreens Android app lists more than 10 million downloads on the Google Play Store. The app’s iOS page does not list a download count, but the iOS app has more than 2.5 million ratings.