In early April, online pharmacy PillPack detected suspicious activity. An unauthorized user had used customer email addresses and passwords to log into their online accounts.
PillPack was able to determine that the credentials weren't taken from their site and instead from a third-party.