Starbucks' iOS app stores user credentials in plain text
Coffee and identity theft go together like peas and carrots. I guess that's why Starbucks decided that storing usernames, email addresses and passwords without encryption is fine for its iOS app. Discovered by security sleuth Daniel Wood, the blatant security flaw was found through Crashlytics, a Twitter-owned reporting firm that generated the telling crash logs. With the password and email address of users, cyber criminals could have an easy go at exploiting individuals who use the same password across multiple services.
Speaking to Computerworld, Starbucks Chief Digital Officer Adam Brotman said the vulnerability has been patched, but a further test from Wood found that the information was still unencrypted. It's not necessarily a cause for panic, but if you've been using the same password for both Starbucks and your bank account, it might be a good time to change that.