An “error” in the Walgreens app left some customer data exposed for several days in January.
The company removed the bucket from the open internet after being contacted by CyberScoop.
The unauthorized access occurred between August 1, 2018 and March 30, according to an SEC filing.
Most of the data was about American users.
The Silicon Valley security firm identified exposures by Mexico-based media company Cultura Colectiva and the now-defunct "At the Pool" app.
“Gearbest’s database isn’t just unsecured. It’s also providing potentially malicious agents with a constantly-updated supply of fresh data.”