Starbucks’ iPhone app vulnerable: expert

admin | 上海按摩服务
16 Jan 2019

The Starbucks iPhone application stores customers’ personal data in an unencrypted form that leaves it vulnerable to hackers, according to a cybersecurity expert.


American computer security specialist Daniel Wood said he was able to break into the app’s file that contained his email address, user name and password – the same file where credit card information is stored.

Wood on Monday posted his findings about the flaw on a computer security site, with recommendations for Starbucks to fix it.

He said the personal information was visible in plain text format and easy to access, making it a target for hackers with malicious intent.

Wood also said he was able to see a log of information about user location.

The mobile app accounted for 11 per cent of Starbucks’ US transactions in the quarter that ended last September.

A Starbucks spokesman said the company was aware of the report, but knew of no impact on customers.

Wood’s discovery, first reported by Computerworld on Wednesday, comes amid heightened concerns about identity theft and credit card security.

Last December hackers broke into Target’s computers, gaining access to credit and debit card data belonging to tens of millions of people.

Hackers also made out with names, mailing addresses and phone numbers for up to 70 million people, Target said last week.

Wood said he only investigated the Starbucks app for Apple’s iOS.

Starbucks said the flaw only applied to the iOS app and not to its Android equivalent.

In a message to store managers earlier in January, chief executive Howard Schultz said the company’s investments in digital and mobile payment expertise have positioned Starbucks to benefit from consumers’ growing use of online and mobile devices.

Schultz said digital payments helped Starbucks “efficiently handle” more than $US1.3 billion ($A1.46 billion), a record figure, in total Starbucks card loads, in the US and Canada.

Comments are closed.