Starbucks admits its iPhone app stores passwords in clear text


Computerworld reports that Starbucks has admitted that its iPhone app, one of the most used mobile payment apps in the U.S., stored login details in clear text without encrypting them.

The vulnerability was discovered by security researcher Daniel Wood. He published the details online after repeated attempts to contact Starbucks were unsuccessful.

Computerworld reports:

The credentials were stored in such a way that anyone with access to the phone can see the passwords and usernames by connecting the phone to a PC. No jailbreaking of the phone is necessary. And that clear text also displays an extensive list of geolocation tracking points (latitude, longitude), a treasure trove of security and privacy gems for anyone who steals the phone.

Starbucks claims that it has made changes on its end to mitigate the issue. However, Wood reports that the problem still exists in the latest version of the Starbucks mobile app.

This doesn’t seem to be a major risk, since someone with malicious intent would still need access to your iPhone to read the login details stored in clear text, but we expect a lot more from Starbucks.

[Via Computerworld]


Categories: iPhone Apps

  • filthyjason

    No changes needed for now (apparently), but a rogue app could easily grab that data

  • oliver

    Of course Starbucks also works for NSA…

  • Todd Bruno

    Don’t know what makes me more sick. Going to Starbucks or using an App to pay for their Starbucks..