Starbucks iOS app vulnerability endangers users' data

Share this article:

A vulnerability in Starbucks iOS mobile payment app puts user email addresses, passwords, usernames and location data at risk of being compromised.

The app's crash analytics software stores customer account information in clear-text, going against the software provider's recommendations, according to a report released on Monday by security researcher Daniel Wood.

Customer account information is then readily available for anyone wanting to exploit the vulnerability.  

The software, Crashlytics, allows developers to log application data to analyze after a crash. And, while the company advises clients not to store sensitive data, the Starbucks app does log user account information.

To combat the vulnerabiltity, Starbucks is expediting the development of an update that will include new unspecified safeguards, according to a release.

Share this article:

Sign up to our newsletters

More in News

Cyber Command tests gov't collaboration in wake of attacks

The two-week exercise, "Cyber Guard 14-1," was completed this month.

Text message spammer settles charges filed by FTC

Text message spammer settles charges filed by FTC

Rishab Verma and his company agreed to settle charges filed by the FTC that Verma sent millions of spam text messages that deceitfully promised free merchandise.

Rhode Island hospital to pay $150K for past data breach

More than 12,000 patients' personal and health information was compromised in a breach at The Women & Infants Hospital of Rhode Island.