Friday, January 17, 2014

Security of Starbucks App is Lacking...

I flat out love Starbucks.  I'll readily admit it.  The weird part is that when I'm at home, I just grind up the beans and drink my coffee black.  No cream, no nothing.
However, you put me in a Starbucks and I'm asking for a quad venti hazelnut soy latte faster than you can blink. It's my drink of choice and I probably drink more of them than I should.
The thing is, Starbucks makes it really easy to indulge yourself. Even when it comes to paying. Years ago I set up my Starbucks card into the Starbucks App on my iPhone. Now when I go, paying is just a matter of having the barista scan the barcode on my phone. It's simple, painless, and when the balance on my Starbucks card drops below a certain point it even reloads automatically. That's how easy they make it for you.
So it was with more than a little disappointment that I read yesterday about a serious security flaw in the Starbucks App. It seems, according to a report by Computerworld, that your name, e-mail address, and password are stored in simple plain text. What this means is that if your phone is stolen and connected to a computer, all that information can be easily read and used by someone other than you.
As you would expect, later in the day an updated version of the app was made available which, according to the Starbucks press release, “adds extra layers of protection”.
I would advise everyone who, like me, uses the Starbucks App to update as soon as possible.
Here's what Starbucks had to say about the issue:

Security of Starbucks Mobile App for iOS

UPDATE (January 16, 2014 09:00 PM P.S.T.): As promised, we have released an updated version of Starbucks Mobile App for iOS which adds extra layers of protection. We encourage customers to download the update as an additional safeguard measure.

Read a letter from Curt Garner, Starbucks chief information officer, regarding customer information and Starbucks Mobile App for iOS

January 16, 2014

Dear Customer,

Your security is incredibly important to us. This week a research report identified theoretical vulnerabilities associated with the Starbucks Mobile App for iOS in the event a customer’s iPhone were to be physically stolen and hacked.

We’d like to be clear: there is no indication that any customer has been impacted by this or that any information has been compromised. Regardless, we take these types of concerns seriously and have added several safeguards to protect the information you share with us. To protect the integrity of these added measures, we are unable to share technical details but can assure you that they sufficiently address the concerns raised in the research report.

Out of an abundance of caution, we are also working to accelerate the deployment of an update for the app that will add extra layers of protection. We expect this update to be ready soon and will share our progress here.  While we are working on the update, we would like to emphasize that your information is protected and that you should continue to feel confident about the integrity of our iOS app.

We appreciate your business and believe it is our job to earn your trust as a customer. We also know that constant vigilance is the best way to protect you and the information you share with us. If you think your information may have been compromised for any reason, please contact our Customer Care team at 1-800-23-LATTE or


Curt Garner

Starbucks chief information officer
