Walgreens COVID-19 test registration system left patient data unprotected - Recode

·1 分鐘文章
FILE PHOTO: People work behind a pharmacy counter as people are inoculated against the coronavirus disease (COVID-19) at a Walgreens store in Chicago

(Reuters) -Drugstore chain Walgreens Boots Alliance's COVID-19 test registration system exposed data of potentially millions of people, including their phone numbers and email addresses, Recode reported on Monday.

The data also exposed names, dates of birth and gender identities on the open web for potentially anyone to see and for the multiple ad trackers on Walgreens' site to collect, the report said. (https://bit.ly/3AdXgoE)

In some cases, the results of these tests could also be taken from the exposed data, the report added.

Active unique patient IDs could be guessed, or a hacker could create a bot that rapidly generated URLs with the IDs in the hope of hitting active pages, security experts told Recode, giving them a source of biographical data about people they could potentially use to hack their accounts on other sites, according to the report.

Given how many characters are in the IDs and therefore how many combinations there are, the security experts said it’d be close to impossible to find just one active page this way, the report said.

"We routinely evaluate our technology solutions in order to provide safe, secure, and accessible digital services to our customers and patients and we regularly review and incorporate additional security enhancements when necessary," Walgreens said in a statement.

(Reporting by Dania Nadeem, additional reporting by Sabahatjahan Contractor in Bengaluru; Editing by Krishna Chandra Eluri and Uttaresh.V)

我們致力為用戶建立安全而有趣的平台,讓他們與志同道合的用戶聯繫交流。為改善我們的社群體驗,我們暫時停用文章留言功能