Starbucks iOS app not secure; leaves sensitive user data accessible to hacker

Starbucks mobile application allows easy access to personal data

Daniel Wood, a Minneapolis-area computer security specialist, said he was able to break into the Starbucks mobile app file which contained his email address, username, and password. Most importantly, this is the same file where your credit card information is stored.

According to Wood, the application stores customers' personal data in an unencrypted form which is easily accessible by hackers. Earlier this week, Wood posted his findings to a computer security website, where he recommended solutions to this problem.

In addition to the data being stored in plain text, according to Wood, the file also shows a history of customers' locations. Wood explained the specific vulnerability in his post:

Within session.clslog there are multiple instances of the storage of clear-text credentials that can be recovered and leveraged for unauthorized usage of a user’s account on the malicious users’ own device or online at https://www.starbucks.com/account/signin.

In an interview with Computerworld, Starbucks CIO Curt Garner and Starbucks Chief Digital Officer Adam Brotman admitted to knowing for an "unspecified time" that the personal data was being stored in plain text. Shockingly, Brotman added:

We were aware. That was not something that was news to us.

In a post on Starbucks' official website, Garner said that Starbucks is working on addressing this issue. He writes:

Out of an abundance of caution, we are also working to accelerate the deployment of an update for the app that will add extra layers of protection. We expect this update to be ready soon and will share our progress here.

Fortunately, the data is only accessible by obtaining a user's physical iPhone, but once a thief has accessed it, he can continue to use that information to make purchases at the cafe chain with the stolen Starbucks account.
