Starbucks said it has fixed its mobile app that left customers’ passwords open to attack.
The hugely popular app, which allows Starbucks (SBUX, Fortune 500) customers to purchase drinks and food directly from their smartphones, had been saving customers’ usernames, passwords and other personal information in plain text.
That meant a hacker could have picked up a left-behind phone, plugged it into a laptop and easily recovered a Starbucks customer’s password without even knowing the smartphone’s PIN code.
Starbucks acknowledged the vulnerability this week. It said that no customers had claimed to have been hacked as a result.
On Thursday night, Starbucks said it pushed out an updated version of its mobile app for iOS that “adds extra layers of protection.” The Android app does not have the security flaw, the company said.
Exploiting the issue wouldn’t have been easy. To access a customer’s password, a hacker needed to be in possession of the phone, have a computer handy, and know how to access the file.
If a hacker did obtain the password, it would allow him access to money stored in the customer’s Starbucks account. Customers could be at greater risk if they use the same password for other sites.