Cybersecurity attack against Amazon-owned pharmacy PillPack using reused passwords
Take action: A great example of why you should NEVER reuse passwords on multiple sites. Remembering passwords too difficult? Use a password manager instead.
Learn More
An unauthorized intrusion targeted PillPack, an online pharmacy owned by Amazon, resulting in the exposure of user health data.
The attack impacted approximately 20,000 customer accounts, where an individual utilized customer email addresses and passwords to gain unauthorized access. Out of these affected accounts, more than 3,000 contained prescription information.
It is worth noting that the attack did not involve the compromise of Social Security numbers or payment details.
Based on the information provided by PillPack, the incident appears to be a credential stuffing attack - using known (breached) username / password pairs leaked/stolen from other websites to access the accounts of customers.
