starbucksappStarbucks has admitted that its mobile payment app for iPhone does not encrypt user passwords and location data, instead storing it in a clear text format, according to a report from Computerworld.

The credentials were stored in such a way that anyone with access to the phone can see the passwords and usernames by connecting the phone to a PC. No jailbreaking of the phone is necessary. And that clear text also displays an extensive list of geolocation tracking points (latitude, longitude), a treasure trove of security and privacy gems for anyone who steals the phone.

The vulnerability was first discovered by security researcher Daniel Wood, who published his findings online for the security community after repeatedly not having success when attempting to contact Starbucks.

The coffee company tells Computerworld that it has "security measures in place now related to that". However, Wood tells The Verge that anything Starbucks does on its end "would not matter" because the vulnerability lies within the app itself.

Potential criminals would still need to physically have the phone to attain any user information, and the only information available would be user names, passwords and location data, but users of the app who had the "auto replenish" feature on would enable criminals to continually add money to the app to make Starbucks purchases.

Update: Starbucks has issued a statement acknowledging the issue and promising an expedited updated for the company's iOS app.

We’d like to be clear: there is no indication that any customer has been impacted by this or that any information has been compromised. Regardless, we take these types of concerns seriously and have added several safeguards to protect the information you share with us. To protect the integrity of these added measures, we are unable to share technical details but can assure you that they sufficiently address the concerns raised in the research report.

Out of an abundance of caution, we are also working to accelerate the deployment of an update for the app that will add extra layers of protection. We expect this update to be ready soon and will share our progress here. While we are working on the update, we would like to emphasize that your information is protected and that you should continue to feel confident about the integrity of our iOS app.

Top Rated Comments

Chupa Chupa Avatar
93 months ago
Glad I don't have a Starbucks app in my country. Good luck cleaning that up, Starbucks.
Why because you hate convenience and free drinks and discounts?

With all the insecurity in computer systems these days (Target, Neimans) the Starbucks app is really only a distraction. Someone would have to have physical access to your phone or backup file to get the UID and PW. And even then you are talking about credit for coffees. What's the downside here - $20.

----------

Do hipsters still hang out at Starbucks? I thought it would be regular Joe Schmuck-people.
No, the Joe Schmuck people hang out on MR and spend their day generalizing and being snarky and condescending about people they don't even know.;)
Score: 7 Votes (Like | Disagree)
alent1234 Avatar
93 months ago
The coffee is so bad, there is always a line of people waiting to buy it
Score: 6 Votes (Like | Disagree)
flash84x Avatar
93 months ago
Really? It's not that hard to use the keychain which is built into iOS. Every competent iOS developer knows this.
Score: 6 Votes (Like | Disagree)
Chupa Chupa Avatar
93 months ago
Personally, I hate going anywhere where asking for "a cup of coffee" produces a blank look...
That's a lot of places though. I mean "cup of coffee" is quite ambiguous & generic. Unless you are at a sit down restaurant or cafe, most coffee shops have multiple sizes.



Average Joe Schmuck was a bad word from my side early in the morning, it's called Jane/John Doe. Or "Svenssons" as we say here in Sweden. The regular average person.

Which was my impression of Starbucks when I was over there. Extremely bad coffe to a slightly premium price for the average consumer that doesn't care.
Yes, "Jane/Jone Doe" has quite a different connotation than "Joe Schumuck." The former is accepted slang for the average person. The latter, of course, is, meant to be offensive; from the yiddish translation, a "d!ck."

Coffee, like people, comes in all different tastes and strengths. Yes, Starbucks has some awful blends, but they have some tasty ones too. I can say the same about the offerings of lots of restaurants. Can't you?

But, honestly the big draw to Starbucks coffee over other coffee shops is not that it's a gourmet delicacy. People buy the drip because its extra caffeinated. If you need your morning caffeine bump that's the place to go. Also Starbucks has a variety of espresso drinks that most shops don't have or are not convenient. Finally, it's a comfortable (usually) place to meet for a casual cup. People like to jab Starbucks the same way they jab Apple. Sometimes its deserved, but most times its just petty, baseless & spiteful.
Score: 4 Votes (Like | Disagree)
Elijen Avatar
93 months ago
Terrible coffee, terrible app. What did you expect?
Score: 3 Votes (Like | Disagree)
pnoyblazed Avatar
93 months ago
does that mean this app will finally get iOS7 support?
Score: 3 Votes (Like | Disagree)

Top Stories

bloodoxygenapplewatch

Apple Watch Series 7 to Gain Breakthrough New Health Feature

Friday March 5, 2021 5:34 am PST by
Apple is reportedly planning to bring a new, first-of-its-kind health technology to the Apple Watch Series 7, in what could be a breakthrough for managing conditions such as diabetes more easily. According to a recent report from ETNews, the Apple Watch Series 7 will feature blood glucose monitoring via a non-invasive optical sensor. Measuring blood glucose levels, also known as blood...
imac pro featured black

Apple Confirms iMac Pro Will Be Discontinued When Supplies Run Out, Recommends 27-Inch iMac

Saturday March 6, 2021 7:33 am PST by
Apple on late Friday evening added a "while supplies last" notice to its iMac Pro product page worldwide, and removed all upgrade options for the computer, leaving only the standard configuration available to order for now. We've since confirmed with Apple that when supplies run out, the iMac Pro will no longer be available whatsoever. Apple says the latest 27-inch iMac introduced in August...
Top Stories 48

Top Stories: iPhone 13 Leaks, OLED iPads and Macs, New AirTags Evidence

Saturday March 6, 2021 6:00 am PST by
iPhone rumors are heating up, with noted analyst Ming-Chi Kuo this week releasing a wide-ranging report outlining his expectations for the iPhone lineup over the next three years. This week also saw rumors about OLED displays potentially coming to iPad and Mac starting next year, increasing signs of AirTags functionality in iOS 14.5 betas, and more, so check out all of the details below! i...
Screen Shot 2021 03 08 at 1

Leaker Suggests Apple Event to Be Held on March 23

Monday March 8, 2021 2:25 am PST by
Apple will hold its first event of the year on March 23, according to information provided by a reputable Chinese leaker (via DuanRui). Apple is expected to launch AirTags, new iPads, and possibly updated AirPods at a spring event, and leaker "Kang" believes that date will be March 23. Initial speculation pointed to an event happening on March 16; however, Bloomberg's Mark Gurman shot down...
apple products refurbished store banner

Class Action Lawsuit Over Apple Providing Refurbished Replacement Devices Proceeding to Trial in August

Friday March 5, 2021 9:53 am PST by
Initially filed in 2016, a class action lawsuit that accuses Apple of violating the Magnusson-Moss Warranty Act, Song-Beverly Consumer Warranty Act, and other U.S. laws by providing customers with refurbished replacement devices is set to proceed to trial August 16, according to a notice this week from law firm Hagens Berman Sobol Shapiro LLP. Apple's repair terms and conditions state that,...
iOS 14

Apple Releases iOS and iPadOS 14.4.1 With Security Fixes

Monday March 8, 2021 10:01 am PST by
Apple today released iOS and iPadOS 14.4.1, minor security updates that comes more than a month after the release of the iOS 14.4 update. The iOS and iPadOS 14.4.1 updates can be downloaded for free and the software is available on all eligible devices over-the-air in the Settings app. To access the new software, go to Settings > General > Software Update. According to Apple's release...
iPhone 13 Notch Feature2

iPhone 13 Rumor Recap: Smaller Notch, Larger Batteries, 120Hz for Pro Models, Improved 5G, Wi-Fi 6E, and More

Friday March 5, 2021 8:20 am PST by
While we are likely at least six months away from Apple unveiling the so-called iPhone 13 lineup, rumors about the devices are starting to accumulate, so we've put together this recap of everything that is expected so far. The upcoming iPhone 13 lineup will consist of the same four models and the same screen sizes as the iPhone 12 lineup, according to reputable analyst Ming-Chi Kuo,...
imac pro while supplies last

iMac Pro No Longer Custom Configurable, Available 'While Supplies Last'

Friday March 5, 2021 10:14 pm PST by
Apple appears to be on the verge of discontinuing the iMac Pro, with the store page for the high-end all-in-one Mac including a "While supplies last" tagline and only the base model with no custom configurations available for purchase. The iMac Pro launched in December 2017, and while there have been a few tweaks to the available configurations over the years, it has received no substantial...
apple mixed reality headset mockup feature

Kuo: Apple to Launch Mixed Reality Headset in Mid 2022 and Augmented Reality Glasses by 2025

Sunday March 7, 2021 8:27 am PST by
Apple plans to release its long-rumored mixed reality headset "in mid-2022," followed by augmented reality glasses by 2025, well-regarded analyst Ming-Chi Kuo said today in a research note with TF International Securities, obtained by MacRumors. "We predict that Apple's MR/AR product roadmap includes three phases: helmet type by 2022, glasses type by 2025, and contact lens type by...
smart contact lens

Kuo: Apple May Release Augmented Reality Contact Lenses in 2030s

Sunday March 7, 2021 9:34 am PST by
In a research note shared with MacRumors, analyst Ming-Chi Kuo today predicted that Apple will release augmented reality "contact lenses" in the 2030s. Kuo said the lenses will bring electronics from the era of "visible computing" to "invisible computing." Mojo Vision smart contact lens Kuo said the lenses are "unlikely to have independent computing power and storage," suggesting that they...