Annie Burky reports:
Amazon-owned PillPack reported a cybersecurity attack affecting the accounts of nearly 20,000 customers.
An unauthorized person used customer emails and passwords to log into PillPack customer accounts, over 3,000 of which contained prescription information. Social Security numbers and payment information were not involved in the attack, according to the online pharmacy.
Read more at Fierce Healthcare.
From PillPack’s notice, it sounds like a credential stuffing attack.