ZDNet: “In another example of misconfigured cloud services impacting security, over a billion records belonging to CVS Health have been exposed online. On Thursday, WebsitePlanet, together with researcher Jeremiah Fowler, revealed the discovery of an online database belonging to CVS Health. The database was not password-protected and had no form of authentication in place to prevent unauthorized entry. Upon examination of the database, the team found over one billion records that were connected to the US healthcare and pharmaceutical giant, which owns brands including CVS Pharmacy and Aetna. The database, 204GB in size, contained event and configuration data including production records of visitor IDs, session IDs, device access information — such as whether visitors to the firm’s domains used an iPhone or Android handset — as well as what the team calls a “blueprint” of how the logging system operated from the backend.  Search records exposed also included queries for medications, COVID-19 vaccines, and a variety of CVS products, referencing both CVS Health and CVS.com…”