Jun 16, 2021
More than 1 billion CVS data records accidentally exposed, researcher says
This news has been received from: abc7news.com
All trademarks, copyrights, videos, photos and logos are owned by respective news sources. News stories, videos and live streams are from trusted sources.
An unsecured database of more than a billion search records belonging to CVS Health was accidentally posted online and accessible to the public earlier this spring, ABC News confirms.
The non-password protected database was discovered at the end of March by independent cybersecurity researcher Jeremiah Fowler, who then alerted the company to the exposure.
Those records included a large number of searches on CVS Pharmacy websites for COVID-19 vaccines and other medications, according to Fowler.
READ ALSO: White House pushes for companies to take ransomware more seriously after high-profile cyberattacks
A CVS spokesperson confirmed to ABC News the data was theirs and said when they became aware of the exposure, they immediately took down the database, which they say was hosted by a third-party vendor.
The company emphasized the records did not include any personal customer, patient, or member information.
According to Fowler, some of the information revealed in those searches could have helped link to someone's identity, depending on what else they entered in the search bar.
"Some search entries included email addresses and should be a wake-up call for companies to ensure their data security is solid," he said. "There were certain times where individuals put their own email addresses into the search bar and then that correlated with a visitor ID and user ID, and then usually it showed what they searched for. So, hypothetically, you could have connected those three and figured it out."
Fowler also said when it comes to medical data, cyber criminals are extremely smart at phishing and social engineering.
"Logically, once you had an email and could see medications, there's all kinds of things you could do with it," he said.
Meanwhile, a CVS spokesperson said they've addressed the issue with the vendor in question to prevent this from happening again, but would not comment on whether they would continue contracting with said vendor.
Read the company's full statement below:
"In March of this year, a security researcher notified us of a publicly accessible database that contained non-identifiable CVS Health metadata.
We immediately investigated and determined that the database, which was hosted by a third party vendor, did not contain any personal information of our customers, members, or patients.
As the researcher's report indicates, there was no risk to customers, members or patients, and we worked with the vendor to quickly take the database down.
We've addressed the issue with the vendor to prevent a recurrence and we thank the researcher who notified us about this matter."
News Source: abc7news.com
Tags: feel good stories data breach emails cyberattack business cvs scams u s world medical research data breach security phishing feel good stories feel good stories for companies email addresses the researcher the database any personal the exposure the company or patients the company
Google begins to test the dark mode in the search engine
For Google, the dark mode is nothing new. Not for nothing can we find it, for example, on YouTube. However, surprising as it may seem, this visual mode, which has been in such demand for some time now, has not yet landed on the search engine, except in closed beta. And I say that it is surprising because I understand that it poses a certain technical complexity, in terms of which colors and when they should be replaced by others. But of course, The same happens with more complex interfaces, such as YouTube, where it has been available for some time..
Fortunately, it seems that this lack has its days numbered. And, as we can read in Business Insider, Google is already testing the dark mode in the search engine. The bad part is that at the moment only certain users can access it. It is expected that the deployment will be progressive and fast, and that in not too long this option will become available to all users. Although, of course, this is only an assumption, as the company has not reported on it.
A very interesting aspect of the dark mode of the Google search engine is that it does not depend on the configuration of the operating system or the browser And, what is even better, everything indicates that it can be used not only in Google Chrome, it is also available in other browsers, since, at least in this first phase of the deployment, the adjustment is made directly from the configuration of the web browser interface.
Users have already received access to this setting, they will see, when accessing the search engine, uA message stating that dark mode is now available and, from there, they can activate it to start using it immediately. In addition, if they reject it at first but later want to activate it, they will only have to click on Settings, at the bottom of the search engine’s web interface and, in the menu that will open, they will be able to activate Google’s dark mode.
This setting is associated with the Google user account, so when you choose the dark mode, this should be displayed whenever you access the browser while logged in, regardless of whether you do it from different browsers or even from different devices. However, if you use the Google app for Android or iOS, they will still be displayed in clear mode.