Starbucks' iOS app stores user credentials in plain text
Coffee and identity theft go together like peas and carrots. I guess that's why Starbucks decided that storing usernames, email addresses and passwords without encryption is fine for its iOS app. Discovered by security sleuth Daniel Wood, the blatant security flaw was found through Crashlytics, a Twitter-owned reporting firm that generated the telling crash logs. With the password and email address of users, cyber criminals could have an easy go at exploiting individuals who use the same password across multiple services.
Speaking to Computerworld, Starbucks Chief Digital Officer Adam Brotman said the vulnerability has been patched, but a further test from Wood found that the information was still unencrypted. It's not necessarily a cause for panic, but if you've been using the same password for both Starbucks and your bank account, it might be a good time to change that.
Subscribe to Newsletter
Software Updatesmore updates
- NFL Mobile updated for 2014 Season with new Fantasy Football features, NFL Now integration
- Yahoo Mail improves email inbox searching with new filtering options
- Ember for Mac gains 'hugely-requested' screen recording feature
- Spotify update adds equalizer, refreshed Artist page and more
- Fantastical 2.1 for iOS adds new snooze, search and notification features
- ExpanDrive 4, more services and faster sync