First Alert Weather Alert: Flood Warning expires at 8:00 AM on 4/18, issued at 10:44 AM Bryceville, FL | Callahan, FL | Fernandina Beach, FL | Glen Saint Mary, FL

Starbucks app caught storing user credentials in plain text

Set Text Size SmallSet Text Size MediumSet Text Size LargeSet Text Size X-Large
Share
Updated: 1/17 4:40 pm
ATLANTA -- Time to change another password: the Starbucks iPhone app reportedly stores usernames, passwords and email addresses in clear text.

According to a Computerworld report, the app is designed so users only have to enter their username and password once, for ease of use. But these credentials are then stored on the phone, without encryption.

Anyone looking to steal this information need only connect the phone running the app to a computer.

This vulnerability could be very damaging, to both Starbucks and its users — the app is the most popular mobile payment program in the U.S., responsible for some 11 percent of Starbucks' transactions last quarter. (Via YouTube / Bank2Book)

Security researcher Daniel Wood first discovered the issue in November and approached Starbucks about it. He later published his findings, after being repeatedly shuffled off to Starbucks' customer service. (Via Seclists.org)

In a statement to the Seattle Times, Starbucks said it has "taken steps to safeguard customers' information and protect against the theoretical vulnerabilities raised in the report," but declined to go into specifics.

Wood says that's not good enough. His initial report referenced app version 2.6.1 — the same version available for download from the App Store now.

He told The Verge it's still carrying the same plaintext credentials — and without an app update from Starbucks, that's not going to get fixed. "Anything they have done on their end won't matter as the vulnerability lies within the application on end user devices."
Share
0 Comment(s)
Comments: Show | Hide

Here are the most recent story comments.View All

The views expressed here do not necessarily represent those of Action News Jacksonville

No comments yet!
Jacksonville Current Conditions
61°
High 64° - Low 48°
Cloudy
Inergize Digital This site is hosted and managed by Inergize Digital.
Mobile advertising for this site is available on Local Ad Buy.