Back to Mobile View

Skip to Content

Starbucks' iOS app stores user credentials in plain text

Coffee and identity theft go together like peas and carrots. I guess that's why Starbucks decided that storing usernames, email addresses and passwords without encryption is fine for its iOS app. Discovered by security sleuth Daniel Wood, the blatant security flaw was found through Crashlytics, a Twitter-owned reporting firm that generated the telling crash logs. With the password and email address of users, cyber criminals could have an easy go at exploiting individuals who use the same password across multiple services.

Speaking to Computerworld, Starbucks Chief Digital Officer Adam Brotman said the vulnerability has been patched, but a further test from Wood found that the information was still unencrypted. It's not necessarily a cause for panic, but if you've been using the same password for both Starbucks and your bank account, it might be a good time to change that.

[via Computerworld]