The ViewPoint

Starbucks’ iPhone app said to leave customers’ data exposed

Back to Article
Back to Article

Starbucks’ iPhone app said to leave customers’ data exposed

Hang on for a minute...we're trying to find some more stories you might like.


Email This Story






By Angel Gonzalez

The Seattle Times

(MCT)

SEATTLE — The Starbucks iPhone application stores customers’ personal data in unencrypted form that leaves it vulnerable to computer-savvy phone thieves, according to a cybersecurity expert whose discovery of the flaw was disclosed this week.

Daniel Wood, a Minneapolis-area computer security specialist, said he was able to break into the app’s file containing his email address, user name and password. That’s the same file where credit card information would go, which means it would be exposed he had entered it, he said in an interview.

Wood on Monday posted his findings about the flaw on a computer security site, with recommendations to Starbucks security experts on how to fix it.

The personal information was visible in plain text format and wasn’t hard to get to—making it easy prey for hackers with malicious intent who might get hold of someone’s phone, he said. Wood also said he was able to see a log of information about user location.

“I drink a lot of Starbucks myself,” Wood said, adding that he first found the flaw last November, when tinkering with the application to see if it was secure before putting in his credit card information.

The mobile app is an increasingly important part of Starbucks’ strategy. It accounted for 11 percent of U.S. transactions in the quarter that ended last September.

A Starbucks spokesman said the company was aware of the report, but knew of no impact on customers.

Wood’s discovery, first reported by Computerworld on Wednesday, comes amid heightened concerns about identity theft and credit card security. Last month criminals broke into Target’s computers, gaining access to credit and debit card data belonging to tens of millions of people. Hackers also made out with names, mailing addresses and phone numbers for up to 70 million people, Target said last week.

This week, the Associated Press reported that Neiman Marcus was also the target of a cyber-heist.

The Seattle coffee giant has “taken steps to safeguard customers’ information and protect against the theoretical vulnerabilities raised in the report, but we are unable to discuss any of the details because we want to protect the integrity of our security measures,” spokesman Zack Hutson said in an email.

“We’re also looking at whether updating the app would add another layer of protection,” he said.

Wood said he only investigated the Starbucks app for Apple’s iOS. Starbucks said the flaw only applied to the iOS app and not to its Android equivalent.

In a message to store managers earlier this month, Chief Executive Howard Schultz said the company’s investments in digital and mobile payment expertise have positioned Starbucks to benefit from consumers’ growing use of online and mobile devices.

Schultz said digital payments helped Starbucks “efficiently handle” over $1.3 billion in total Starbucks card loads in the U.S. and Canada, a record figure.

©2014 The Seattle Times

Visit The Seattle Times at www.seattletimes.com

Distributed by MCT Information Services

Print Friendly, PDF & Email
Leave a Comment

If you want a picture to show with your comment, go get a gravatar.




Navigate Left
  • Starbucks’ iPhone app said to leave customers’ data exposed

    Campus

    Northeast student earns national honor

  • Starbucks’ iPhone app said to leave customers’ data exposed

    Campus

    How to make your own rustic dream catcher

  • Starbucks’ iPhone app said to leave customers’ data exposed

    Campus

    High school freshman explore career options at Northeast Community College

  • Campus

    How to make Bratapfel: A German apple dessert

  • Starbucks’ iPhone app said to leave customers’ data exposed

    Campus

    Making homemade ice cream

  • Starbucks’ iPhone app said to leave customers’ data exposed

    Campus

    Northeast men unable to shoot past Marshalltown

  • Starbucks’ iPhone app said to leave customers’ data exposed

    Campus

    Northeast veterinary technology students receive coats and pins at ceremony

  • Campus

  • Starbucks’ iPhone app said to leave customers’ data exposed

    Campus

    New program at Northeast to better prepare young journalists

  • Starbucks’ iPhone app said to leave customers’ data exposed

    Campus

    Students volunteer “for the win” at Northeast Community College

Navigate Right
The official student newspaper of Northeast Community College.
Starbucks’ iPhone app said to leave customers’ data exposed