Skip to main content
  1. Tech
  2. Gadgets & Tech
  3. Tech Gear

Starbucks iOS app not secure; leaves sensitive user data accessible to hacker

See also

Daniel Wood, a Minneapolis-area computer security specialist, said he was able to break into the Starbucks mobile app file which contained his email address, username, and password. Most importantly, this is the same file where your credit card information is stored.

According to Wood, the application stores customers' personal data in an unencrypted form which is easily accessible by hackers. Earlier this week, Wood posted his findings to a computer security website, where he recommended solutions to this problem.

In addition to being stored in plain text, according to Wood, the file also shows a history of customers' location. Woods explained in his post the specific vulnerability:

Within session.clslog there are multiple instances of the storage of clear-text credentials that can be recovered and leveraged for unauthorized usage of a user’s account on the malicious users’ own device or online at https://www.starbucks.com/account/signin.

In an interview with Computer World, Starbucks CIO Curt Garner and Starbucks Chief Digital officer Adam Brotman admitted to knowing for an "unspecified time" that the personal data was being stored in plain text. Shockingly, Brotman added:

We were aware. That was not something that was news to us.

In a post on Starbucks' official website, Garner said that Starbucks is working on addressing this issue. He writes:

Out of an abundance of caution, we are also working to accelerate the deployment of an update for the app that will add extra layers of protection. We expect this update to be ready soon and will share our progress here

Fortunately, the data is only accessible by obtaining a user's physical iPhone, but once the thief has accessed it once, he can continue to use that information to use the stolen Starbucks account to make purchases at the cafe chain.

What do you think about Starbucks' response to this security flaw? Leave your thoughts in the comments section below.

Stay informed about the latest technology news by subscribing and following me at the top of the page.

Like this article? Don’t forget to share!

Advertisement

Don't Miss

  • Unity
    'Assassin's Creed Unity' preview: Ubisoft comes home to its urban origins
    Games Preview
  • Smart vending machine
    This smart vending machine will recommend drinks for you based on your gender and age
    Video
    Tech Buzz
  • Destiny
    The 'Destiny' beta: 7 things we absolutely love about Bungie's new franchise
    Games Feature
  • Wi-Fi
    Find out how to stretch your Wi-Fi signal where it has never gone before
    Tech Tips
  • Far Cry
    'Far Cry 4' exclusive: Animals, avalanches, oxygen, side content and much more
    Games Interview
  • Gamer ghost
    Gamer finds and plays with ghost of deceased father on a classic game
    Video
    Headlines