Starbucks app leaves passwords vulnerable

News
This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

Starbucks’ mobile app leaves customers’ passwords open to attack, according to a research report.

The popular app, which allows Starbucks customers to purchase drinks and food directly from their smartphones, saves customers’ usernames, passwords and other personal information in plain text.

That means a hacker could pick up a left-behind phone, plug it into a laptop and easily recover a Starbucks customer’s password without even knowing the smartphone’s PIN code.

Starbucks spokesman Jim Olson acknowledged the vulnerability, but he said no customers have claimed to have been hacked as a result.

“Obviously the security of our customers’ information is of the utmost importance to Starbucks and we’re monitoring for any risks and vulnerabilities,” he said.

Exploiting the issue wouldn’t be easy. To access a customer’s password, a hacker needs to be in possession of the phone, have a computer handy, and know how to access the file.

If a hacker does obtain the password, it would allow him or her access to money stored in the customer’s Starbucks account. Customers could be at greater risk if they use the same password for other sites.

Latest News

More News

National News

More National

Washington D.C.

More Washington DC

Your Local Election HQ

More Your Local Election HQ

Don't Miss

Latest News

More News

Popular

KFOR Podcasts

More Podcasts

Follow @KFOR on Twitter