Were you able to get a COVID test at Walgreens? It’s possible that your personal information is at risk.
Millions of people who took a COVID-19 test at a Walgreens (WBA) pharmacy store may have had their personal information leaked into the internet.
According to Recode, the pharmacy chain may have exposed the phone numbers and email addresses of COVID test takers, as well as their names, dates of birth, and gender identities, on the open web for anyone to see and for ad trackers on the Walgreens website to collect.
According to Recode, the COVID-19 test results may have also been released.
“We continuously examine our technological solutions in order to deliver safe, secure, and accessible digital services to our customers and patients,” Walgreens said in a statement about the hack. “We continually analyze and adopt new security upgrades when necessary.”
In a search of active pages on Walgreens’ portal, hackers might have guessed or constructed bots that generated the unique patient IDs of the COVID-19 test recipients, giving them the personal data they needed to steal their accounts on other websites, according to Recode.
Given the ID’s 32-character length and the number of conceivable possibilities, security experts told Recode that finding just one active page this way would have been nearly impossible, implying that a large number of accounts were likely exposed.
It’s unknown how long the data was available on the open web, but it was discovered in March by Alejandro Ruiz, a consultant with Interstitial Technology PBC. Since April 2020, Walgreens has offered COVID-19 testing at 6,000 locations.
Walgreens’ stock was trading at $48.45 at 12:54 p.m. ET on Tuesday, down 73 cents, or 1.48 percent.