How do you order your prescriptions and refills? Many folks use online pharmacies because of the competitive prices and convenience they provide. But, that could also be putting your personal information at risk. A security flaw discovered on the popular online pharmacy PillPack.com could have exposed private customer information to hackers.
When a new customer signs up on PillPack.com, the company uses their identifying information to pull their prescription history from pharmacies they've used in the past.
Security professional Yakov Shafranovich discovered a glaring problem with PillPack.com's verification process. When looking up previous pharmacy information, it only used name and birthdate to verify identities instead of other identifying information like Social Security number. That means anyone could access your information using just your full name and birth date.
To replicate this issue, an attacker would be directed to the PillPack.com website and choose the signup option. As long as the full name and the date of birth entered during signup match the target, the attacker will gain access to the target's full prescription history.