Starbucks' iOS app stores user credentials in plain text
Coffee and identity theft go together like peas and carrots. I guess that's why Starbucks decided that storing usernames, email addresses and passwords without encryption is fine for its iOS app. Discovered by security sleuth Daniel Wood, the blatant security flaw was found through Crashlytics, a Twitter-owned reporting firm that generated the telling crash logs. With the password and email address of users, cyber criminals could have an easy go at exploiting individuals who use the same password across multiple services.
Speaking to Computerworld, Starbucks Chief Digital Officer Adam Brotman said the vulnerability has been patched, but a further test from Wood found that the information was still unencrypted. It's not necessarily a cause for panic, but if you've been using the same password for both Starbucks and your bank account, it might be a good time to change that.
Coffee and identity theft go together like peas and carrots.
Subscribe to Newsletter
Software Updatesmore updates
- Daily App: MyScript Calculator solves your hand-written math equations
- Findery app lets you discover the world around you using annotated notes and maps
- The Learnist app brings its crowd-sourced collection of information to your iPhone
- My cat Cinnamon reviews Friskies Cat Fishing 2
- Photo Grid Collage Maker is capable and free
- iExit gets new features and is now free