Starbucks Admits to Storing Passwords in Plaintext
January 16, 2014 Leave a comment
The Starbucks mobile app is the most popular mobile payment app in the United States. Users can load money onto their Starbucks app, and every time they buy drinks or food they earn stars which gets them free coffee. On Thursday, Starbucks confirmed that they store passwords and other user information in plaintext.
This user information, which includes passwords, usernames, email address, and location – was unencrypted. This makes it easy to access by anyone who plugs the handset into a PC, according to a report detailing the vulnerability.
The report stated that passwords are stored this way in order to make it easier for users to purchase. Users only need to enter their password and username once, and then can make purchases without putting in anymore information. However, I’m sure users would rather have a little more difficulty making purchases and know that their data is safe.
“We take these types of concerns seriously and have added several safeguards to protect the information you share with us,” Garner added. He also revealed Starbucks is working on an update to the app that will “add extra layers of protection.”
Information on users payment information is not available – however, thieves may be able to use the information to make purchases on other people’s Starbucks accounts.