Through their Covid testing system, Walgreens “leaks private information of MILLIONS of people, including phone numbers and addresses”

Through their Covid testing system, Walgreens “leaks private information of MILLIONS of people, including phone numbers and addresses”

Personal data including home numbers, names, addresses, date of births and email addresses were published on the open web, exposing it to anyone, including ad trackers on the store’s site.

MILLIONS of patients could have had their private information leaked through Walgreens’ Covid testing system, according to a new report.

The personal data of millions, including home numbers, names, addresses, date of births and email addresses were published by Walgreens on the open web

The personal data of millions, including home numbers, names, addresses, date of births and email addresses were published by Walgreens on the open webCredit: Getty Images – Getty
In some cases, even the results of Covid tests were posted on the open web, as reported by Recode.

Security experts told the site the weaknesses on Walgreens’ website are basic and should have been easily avoidable.

They stem from the company’s Covid test appointment registration system, which gives a unique 32-digit ID number to every patient who submits a form to get a test.

Once patients submit the form, they are sent to a new an appointment request page, which includes the unique ID in the URL.

There are no personal verification steps or requirements so anyone with the link can see the page, which stays active for as long as six months and even longer.

KHLO NO! Khloe Kardashian ‘banned from Met Gala for being too C-list’ CHEEKY LOOK Megan Fox flaunts butt in sheer dress & THONG as Travis & Kourtney pack on PDA

More than 6,000 Walgreens testing sites used this registration system, so millions of unique IDs have been created. This ID offers many ways for hackers to steal the personal data of these patients, as they can create bots that generates countless URLs in order to hit an active page containing private information and use that information to try to hack their accounts on other sites.

Experts say, however, that it would be close to impossible for hackers to find active pages this way, because of the number of characters in the unique IDs and possible combinations. But anyone who has access to a patient’s browsing history could potentially access the page and thus the private information.

While only the patient’s name, type of test, and appointment time and location are visible on the public page, Walgreens requires someone’s full name, date of birth, phone number, email address, mailing address, and gender identity to register for an appointment. It’s unclear how long Walgreens’ registration system has had these issues, but the company started offering Covid testings in April 2020

It’s unclear how long Walgreens’ registration system has had these issues, but the company started offering Covid testings in April 2020Credit: Getty
And all of that data can be accessed in a browser’s developer tools panel. Moreover, to get the results of a Covid test through at least one of Walgreens’ lab partners’ portals, all someone needs is the “orderId” and the name of the lab that performed the test.

Disclaimer: If you need to edit or update this news from compsmag then kindly contact us Learn more

For Latest News Follow us on Google News


Latest Headlines
  • Show all
  • Trending News
  • Popular By week
Ace Frehley still open for KISS meeting ‘If the money’s right’
Ace Frehley still open for KISS meeting ‘If the money’s right’
Only time will tell if the long-posited reunion will ever actually take place. “I’m on good terms with Paul and Gene,” Frehley reaffirmed, “which is nice, ...
Milley’s purported phone conversations to China have been praised by pundits as “common sense”
Milley’s purported phone conversations to China have been praised by pundits as “common sense”
The allegation is laid out in “Peril,” a new book from the Washington Post’s Bob Woodward and Robert Costa. The book also claimed Trump was in “mental ...
MassMutual fined for not monitoring the GameStop saga star
MassMutual fined for not monitoring the GameStop saga star
Massachusetts regulators cited those messages while alleging MassMutual failed to monitor the social-media accounts of Gill and other employees who were ...
WhatsApp users on desktop may soon be able to send images as stickers, according to a report
WhatsApp users on desktop may soon be able to send images as stickers, according to a report
The new ‘Send Image as Sticker’ feature was reportedly spotted on WhatsApp for Desktop beta version 2.2137.3 by WhatsApp features tracker WABetaInfo. ...
For Android and iOS users, YouTube’s new Translate tool for comments is now accessible
For Android and iOS users, YouTube’s new Translate tool for comments is now accessible
Users will be able to switch between the translated text and the original comment, posted on a particular video. The new feature will enable users to ...
The White House offers Nicki Minaj a call after she expressed hesitation about the COVID-19 vaccine, the official said.
The White House offers Nicki Minaj a call after she expressed hesitation about the COVID-19 vaccine, the official said.
The White House has invited Minaj to have a conversation about her hesitancy about getting the vaccine. But that, too, has become a controversial subset of ...
Memorial Health System Nurse Describes Pandemic Work |  News, Sports, Jobs
Memorial Health System Nurse Describes Pandemic Work | News, Sports, Jobs
Saying the situation was “weighing heavily on my heart (and) I had to get it out there,” Barnette described what working at Memorial was like last year. At WVU ...
Alexis opens space for new business
Alexis opens space for new business
Two bids were received for the old squad car. The high bid of $575 for the 2011 Chevy Impala was approved. The village will bid on a mini excavator with three ...
Economy reaching escape velocity from Covid
Economy reaching escape velocity from Covid
“As pandemic scars heal and supply conditions are restored with productivity gains, a sustained easing of core inflation can be expected, which will ...
On September 22, Xiaomi plans to release the Redmi G 2021 gaming laptop
On September 22, Xiaomi plans to release the Redmi G 2021 gaming laptop
Redmi has confirmed that it will launch its latest affordable gaming laptop, the Redmi G 2021, on September 22nd. The company posted a teaser for the new ...
Show next
Compsmag - Latest News from tech, business and health
Logo