Starbucks' iOS app stores user credentials in plain text
Coffee and identity theft go together like peas and carrots. I guess that's why Starbucks decided that storing usernames, email addresses and passwords without encryption is fine for its iOS app. Discovered by security sleuth Daniel Wood, the blatant security flaw was found through Crashlytics, a Twitter-owned reporting firm that generated the telling crash logs. With the password and email address of users, cyber criminals could have an easy go at exploiting individuals who use the same password across multiple services.
Speaking to Computerworld, Starbucks Chief Digital Officer Adam Brotman said the vulnerability has been patched, but a further test from Wood found that the information was still unencrypted. It's not necessarily a cause for panic, but if you've been using the same password for both Starbucks and your bank account, it might be a good time to change that.
Subscribe to Newsletter
Software Updatesmore updates
- Dropbox adds file/folder renaming and Office document editing to iOS app
- Vizzywig 8xHD price tag now a very affordable $49.99
- Automatic targets teen drivers with License+ service
- Dropbox adds support for TouchID
- YouTube for iOS gets updated with full support for iPhone 6 and 6 Plus
- iOS 8.0.1 update now available (Updated -- Don't update!)