Earlier security researcher Daniel Wood has spotted that Starbucks is storing users’ sensitive data in plain text, including their passwords. He has discovered that Starbucks iOS app is storing users’ data in plain text, on a device. Thus, users’ passwords and other app data is susceptible to data theft if a hacker would gain access to their iOS device. So, can anyone use your Starbucks mobile data to make transactions without your knowledge?
What are the dangers of Starbucks iOS app vulnerabilities?
After Wood’s research findings warned and triggered a fear of data theft among Starbucks mobile users, the company came up with its explanation. Starbucks has said that the odds of data theft through the spotted vulnerability on Starbucks iOS app is “very far fetched” and no mobile users have reported that their data is compromised and misused. Additionally, Starbucks has also declared that it is working on fixing the flaw in the app by adding “extra layers of protection”.
As the users’ data is stored in unencrypted, plain text, simply on an iPhone, your data stored with the Starbucks iOS app can get in to the hands of any user who can find that phone, if it is left behind. All that an unauthorized user need to do is to plug the iPhone to their laptop or desktop computer and find the file wherein the users’ data is stored. Hence, anyone can easily recover your Starbucks password and misuse it, without having to know the PIN code of the device.
The company has announced through a letter to its customers that they are “working to accelerate the deployment of an update for the app that will add extra layers of protection. We expect this update to be ready soon.”
