A database that belongs to CVS Pharmacy having roughly 1 billion search records was compromised on the internet. The database contained data regarding searches done by guests to CVS.com and CVSHealth.com, usually for data concerning medicines and COVID-19 vaccines.
It is usual for databases like these to be managed by businesses. The search data could be utilized for analytics, client management, advertising, and other uses to enhance the services offered to consumers. These searches could at times be associated with a person through their IP address, or in this instance by the email address of the searcher.
Security researcher Jeremiah Fowler discovered the huge database. He also learned that the email addresses of a number of site visitors were contained in the database as well. Because of the magnitude of the database, it wasn’t possible to do queries of all information however searching a small sample of information in the database affirmed the presence of numerous email addresses. It isn’t very clear why email addresses were captured. Fowler thinks it may have been individuals erroneously trying to log in by using the search field.
Fowler didn’t download the complete database, thus he could not find out how many email addresses actually existed in the database. It’s likewise uncertain if Fowler was the first person to find the database or if any other person might have accessed or downloaded the database although it was available.
Fowler stated that the database was compromised on the internet because of a misconfiguration problem. Fowler got in touch with CVS to notify them about the unsecured database and it was immediately secured. CVS quickly looked into the incident and confirmed that the database, which a third-party vendor-hosted, didn’t have any personal data of its clients, patients, or members. CVS asked the vendor to take down the database immediately. The issue is being addressed to stop a repeat. It is good the researcher informed CVS concerning this matter.