Over 1 billion pharmacy records were exposed in a massive data breach. Security Researcher Jeremiah Fowler discovered a gigantic database that wasn’t even protected by a password

The database contained records connected to CVS Pharmacy. The database included a lot of information about users including their visitor ID and what type of device the user accessed their account with. Experts say this is exactly the type of information hackers and use to launch successful phishing scams.

Also in the data were the search terms that visitors entered on the CVS site, which could give hackers clues to your medical conditions.

The security experts at Website Planet immediately contacted CVS and the company worked quickly to take care of the problem. They told Website Planet: “Thank you again for contacting us about this. We were able to reach out to our vendor and they took immediate action to remove the database. Protecting the private information of our customers and our company is a high priority, and it is important to note that the database did not contain any personal information of our customers, members or patients.”

There’s no evidence so far that criminals accessed any of this information but it was exposed.