Starbucks app stores log-in credentials, location info in plain text

21 Jan


If you’re concerned about someone getting their hands on your personal data, you’ll want to read on — this latest method’s an unlikely culprit. The Starbucks mobile-payment app is reportedly saving user data, including email addresses, passwords and even your GPS location in plain text. Theoretically, anyone with access to your phone (and a computer) can download your private data with less than an hour or work. Company executives confirmed the flaw to Computerworld, admitting that they’re aware of the issue.

Daniel Wood, a security researcher, first came upon the unencrypted information last year. He downloaded and re-tested an updated version the app, which Starbucks claims now includes “adequate security measures,” only to find that the same information is still easily accessible. A log file also includes GPS coordinates that are captured every time you search for a nearby Starbucks store. Of course, the global caffeinator’s mobile application isn’t free of other weaknesses, too — payments are processed by scanning an on-screen barcode, which can be reproduced and used to drain your account by anyone close enough to photograph your phone. by engadget

Leave a comment

Posted by on 21/01/2014 in IT


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: