Starbucks app stores personal information in plain-text format

If you use the official Starbucks mobile payment app, you may want to reconsider. According to security researcher Daniel Wood, the application stores information like your email address, password, and GPS location in an unencrypted plain-text format. Anyone who has access to your phone could do a bit of work to steal that information, which is not something you want in someone else's hands. Even worse, because the app makes payments using an on-screen barcode, that barcode method could be manipulated to suck money out of your bank account.

Fortunately, someone would need access to your phone to get this information, but it’s still a vulnerability that you should be aware of. Hopefully Starbucks addresses this soon.

source: Computer World

via: Engadget

» See more articles by Jared Peters


  • Who drank my coffee?

    I did use it but I had to stop. It repeatedly forgot that I had secured the app with a password, leaving my card and payment information open to anyone that picked up my phone. I’d reset my password, and a month later there would be no password requirement again. Top to bottom, that app is a mess.