The app that allows Starbucks customers to purchase food and drinks from their phone has been storing passwords and personal information in a very vulnerable fashion. According to CNN Money on Jan. 17, the app was keeping all this sensitive information in plain text, which means anyone who wanted the information could just plug the phone into a computer and have the ability to access it, without even needing the phone’s passcode.
Starbucks pushed an update for the app on Thursday night for the iOS apps but not for Android phones. The company admitted that the app left personal information pretty out in the open but has said no one reported hacking as a result of the flaw.
The man who discovered the issue, security researcher Daniel Woods, said he reached out in December after he discovered the issue after doing his own tests. However, he received no response, so he posted about the issue online. As we’ve seen before, once the issue was well-know, Starbucks then contacted him.
The Verge reports that the issue could only be solved with an app update, which Starbucks did. However, this version of the app has been available since May, which left a pretty large time frame for information breaches.
If you’ve misplaced your phone lately and are using that app, it might be time for a precautionary password change. You never know when a hacker may want to reap some caffeinated rewards.