• Starbucks' iOS App Under Fire Over Data Security Practices

    Starbucks, the coffee mega-chain, appears to be under fire over its data security practices after it was recently discovered that the company’s iOS payment app doesn’t encrypt customers’ login information. Security researcher Daniel Wood publicly disclosed the vulnerability, which would require an attacker to have physical access to the device. Wood told the folks over at Computerworld that he first contacted Starbucks to report the flaw last November and only went public after the company failed to act.

    One of the things at issue here is a log file generated by Crashlytics, the Twitter-owned crash reporting analytics firm. The log file, which Wood says can be retrieved from a user’s handset even if the phone is locked with a PIN, contains unencrypted versions of the customer’s username, email address and password. Starbucks executives, for their part, acknowledged the vulnerability and said that they have made changes to mitigate the danger. According to Starbucks’ Chief Digital Officer Adam:

    We were aware and adequate security measures are in place now. Usernames and passwords are safe.
    Wood reassessed the situation following the statement and found that the credentials were still freely available. Although this particular vulnerability is unlikely to cause widespread damage, the publication notes that it does provide an opportunity to remind the public of the dangers of reusing passwords across services. A targeted attack against an individual who uses the same password for both Starbucks and their online banking service, for instance, could yield a significant issue for the victim.

    Are you an avid Starbucks customer who is affected by this issue?

    Source: Computerworld, SEClists
    This article was originally published in forum thread: Starbucks' iOS App Under Fire Over Data Security Practices started by Akshay Masand
    4 Comments
      andreix -
      I am! This truly is alarming especially at the rate Starbucks pushes their mobile app in advertisements.
      bigboyz -
      Whenever you sign up and use your personal info... these are the downfalls of trusting Corporate America with your personal info. Even when it's not infiltrated or compromised, it's still being looked at by someone.
      luvmytj -
      Figures... I use this app all the time in the Target Starbucks.
      hogcia -
      No thanks, I'll stick to DD.