Starbucks chief information officer Curt Garner addressed concerns with the company’s iOS app in a press release that was released on Thursday. The executive played down controversy and said the company was working hard on a fix to address these security concerns.Problems with the Starbucks app came to light after a Computerworld report claimed the app stores passwords in plain text on the device. This would allow a person to access your Starbucks account credentials by connecting your phone to a computer and accessing a specific log file on the device. Though its unlikely a malicious person would get a hold of your physical device, the practice of storing passwords in plain text instead of encrypted is risky.
In his letter to Starbucks customers, CIO Garner tried to minimize the hype around the security flaw. He claims it is a theoretical vulnerability and points out that no customer has been adversely impacted. He confirms, though, that the company is working on fix that’ll extra layers of protection.
We’d like to be clear: there is no indication that any customer has been impacted by this or that any information has been compromised. Regardless, we take these types of concerns seriously and have added several safeguards to protect the information you share with us. To protect the integrity of these added measures, we are unable to share technical details but can assure you that they sufficiently address the concerns raised in the research report.
Out of an abundance of caution, we are also working to accelerate the deployment of an update for the app that will add extra layers of protection. We expect this update to be ready soon and will share our progress here. While we are working on the update, we would like to emphasize that your information is protected and that you should continue to feel confident about the integrity of our iOS app.
You can read his entire letter on Starbucks’ website.