WebProNews

Tag: Recode

  • Walgreens Exposed COVID Testing Data, Refused to Fix Issue

    Walgreens Exposed COVID Testing Data, Refused to Fix Issue

    In a shocking display of negligence and incompetence, Walgreens left COVID testing data exposed and refused to fix the issue when notified.

    Walgreens quickly emerged as one of the most popular places for individuals to get tested for COVID-19, even touting itself as “a vital partner in testing and community education.” Individuals could register online, take the test through the company’s drive-thru and receive the results via email.

    Unfortunately, according to Recode, Walgreens left the data on the open web, where virtually anyone could gain access to it. The data included name, address, email address, gender, date of birth and phone number of those who were tested. In some cases, it was even possible to access test results.

    According to Recode, Alejandro Ruiz, a consultant with Interstitial Technology PBC, found the security issues in March. Ruiz informed Walgreens of the issues, using multiple channels, but the company was not responsive.

    To make matters worse, security experts told Recode the issues were so basic that any company with as large a web presence as Walgreens should have known how to avoid them. Ruiz believes it’s further evidence of Walgreens’ lack of concern.

    “Any company that made such basic errors in an app that handles health care data is one that does not take security seriously,” Ruiz said. 

    Recode contacted Walgreens directly and gave them time to fix the vulnerabilities before publication. Shockingly, Walgreens refused to do so.

    “We regularly review and incorporate additional security enhancements when deemed either necessary or appropriate,” the company told Recode.

    As if the lack of security was not worrying enough, researchers found a number of ad trackers attached to the company’s testing confirmation webpages, including from Adobe, Akami, Dotomi, Facebook, Google, InMoment and Monetate, in addition to data-sharing partners.

    “Just the sheer number of third-party trackers attached to the appointment system is a problem, before you consider the sloppy setup,” Sean O’Brien, founder of Yale’s Privacy Lab, told Recode.

    The other security experts were even more damning in their evaluation of the situation.

    “This is a clear-cut example [of this type of vulnerability], but with Covid data and tons of personally identifiable information,” said Zach Edwards, privacy researcher and founder of the analytics firm Victory Medium. “I’m shocked they are refuting this clear breach.”

    “It’s just another example of a large company that prioritizes its profits over our privacy,” Ruiz said.

  • Apple Employees Send Second Letter Protesting Return-to-Office Policy

    Apple Employees Send Second Letter Protesting Return-to-Office Policy

    Apple employees have sent a second letter to company leadership objecting to plans for a return to the office.

    Like most tech companies, Apple sent employees home to work remotely as the pandemic gained ground. While some companies have fully embraced remote work, Apple has been adopting a hybrid strategy. The company told employees it wanted them in the office at least three days a week.

    Employees penned a letter a month ago objecting to the company’s policies, saying the one-size-fits-all approach didn’t properly address employees needs. Employees accused the company of not listening to them and their concerns. There have also been reports of employees quitting over the company’s policies. 

    Employees have penned a second letter objecting to the company’s plans, according to Recode.

    “We continue to be concerned that this one-size-fits-all solution is causing many of our colleagues to question their future at Apple,” the letter reads, saying, “With COVID-19 numbers rising again around the world, vaccines proving less effective against the Delta variant, and the long-term effects of infection not well understood, it is too early to force those with concerns to come back to the office.”

    Employees are arguing for two “pilot arrangements,” wherein they could work remotely for one year, with no guarantee of renewal. Employees would be given the option of working in different regions than they were originally hired in, and be open to cost of living adjustments.

    The letter also highlights the stakes involved for Apple, citing an employee survey that showed 68% of respondents believed Apple’s return-to-office policies would cause them to leave the company.

    With the surge of COVID cases among the unvaccinated currently happening, Apple agreed to push back its return-to-office date by a month. The company has not fundamentally changed its long-term plans, however, setting up an eventual showdown with its employees.