starbucksappStarbucks has admitted that its mobile payment app for iPhone does not encrypt user passwords and location data, instead storing it in a clear text format, according to a report from Computerworld.

The credentials were stored in such a way that anyone with access to the phone can see the passwords and usernames by connecting the phone to a PC. No jailbreaking of the phone is necessary. And that clear text also displays an extensive list of geolocation tracking points (latitude, longitude), a treasure trove of security and privacy gems for anyone who steals the phone.

The vulnerability was first discovered by security researcher Daniel Wood, who published his findings online for the security community after repeatedly not having success when attempting to contact Starbucks.

The coffee company tells Computerworld that it has "security measures in place now related to that". However, Wood tells The Verge that anything Starbucks does on its end "would not matter" because the vulnerability lies within the app itself.

Potential criminals would still need to physically have the phone to attain any user information, and the only information available would be user names, passwords and location data, but users of the app who had the "auto replenish" feature on would enable criminals to continually add money to the app to make Starbucks purchases.

Update: Starbucks has issued a statement acknowledging the issue and promising an expedited updated for the company's iOS app.

We’d like to be clear: there is no indication that any customer has been impacted by this or that any information has been compromised. Regardless, we take these types of concerns seriously and have added several safeguards to protect the information you share with us. To protect the integrity of these added measures, we are unable to share technical details but can assure you that they sufficiently address the concerns raised in the research report.

Out of an abundance of caution, we are also working to accelerate the deployment of an update for the app that will add extra layers of protection. We expect this update to be ready soon and will share our progress here. While we are working on the update, we would like to emphasize that your information is protected and that you should continue to feel confident about the integrity of our iOS app.

Top Rated Comments

Chupa Chupa Avatar
116 months ago
Glad I don't have a Starbucks app in my country. Good luck cleaning that up, Starbucks.
Why because you hate convenience and free drinks and discounts?

With all the insecurity in computer systems these days (Target, Neimans) the Starbucks app is really only a distraction. Someone would have to have physical access to your phone or backup file to get the UID and PW. And even then you are talking about credit for coffees. What's the downside here - $20.

----------

Do hipsters still hang out at Starbucks? I thought it would be regular Joe Schmuck-people.
No, the Joe Schmuck people hang out on MR and spend their day generalizing and being snarky and condescending about people they don't even know.;)
Score: 7 Votes (Like | Disagree)
alent1234 Avatar
116 months ago
The coffee is so bad, there is always a line of people waiting to buy it
Score: 6 Votes (Like | Disagree)
flash84x Avatar
116 months ago
Really? It's not that hard to use the keychain which is built into iOS. Every competent iOS developer knows this.
Score: 6 Votes (Like | Disagree)
Chupa Chupa Avatar
116 months ago
Personally, I hate going anywhere where asking for "a cup of coffee" produces a blank look...
That's a lot of places though. I mean "cup of coffee" is quite ambiguous & generic. Unless you are at a sit down restaurant or cafe, most coffee shops have multiple sizes.



Average Joe Schmuck was a bad word from my side early in the morning, it's called Jane/John Doe. Or "Svenssons" as we say here in Sweden. The regular average person.

Which was my impression of Starbucks when I was over there. Extremely bad coffe to a slightly premium price for the average consumer that doesn't care.
Yes, "Jane/Jone Doe" has quite a different connotation than "Joe Schumuck." The former is accepted slang for the average person. The latter, of course, is, meant to be offensive; from the yiddish translation, a "d!ck."

Coffee, like people, comes in all different tastes and strengths. Yes, Starbucks has some awful blends, but they have some tasty ones too. I can say the same about the offerings of lots of restaurants. Can't you?

But, honestly the big draw to Starbucks coffee over other coffee shops is not that it's a gourmet delicacy. People buy the drip because its extra caffeinated. If you need your morning caffeine bump that's the place to go. Also Starbucks has a variety of espresso drinks that most shops don't have or are not convenient. Finally, it's a comfortable (usually) place to meet for a casual cup. People like to jab Starbucks the same way they jab Apple. Sometimes its deserved, but most times its just petty, baseless & spiteful.
Score: 4 Votes (Like | Disagree)
Elijen Avatar
116 months ago
Terrible coffee, terrible app. What did you expect?
Score: 3 Votes (Like | Disagree)
pnoyblazed Avatar
116 months ago
does that mean this app will finally get iOS7 support?
Score: 3 Votes (Like | Disagree)

Popular Stories

Emergency SOS via Satellite iPhone YT

Apple's iPhone 14 Emergency SOS via Satellite Feature Saves Stranded Man in Alaska

Thursday December 1, 2022 4:37 pm PST by
With the launch of iOS 16.1, Apple rolled out a Emergency SOS via Satellite, which is designed to allow iPhone 14 owners to contact emergency services using satellite connectivity when no cellular or WiFi connection is available. The feature was put to the test in Alaska today, when a man became stranded in a rural area. In the early hours of the morning on December 1, Alaska State Troopers ...
iPhone Measure Height

Newer iPhones Allow You to Measure Someone's Height Instantly — Here's How

Saturday December 3, 2022 10:23 am PST by
iPhone 12 Pro and Pro Max, iPhone 13 Pro and Pro Max, and iPhone 14 Pro and Pro Max models feature a LiDAR Scanner next to the rear camera that can be used to measure a person's height instantly in Apple's preinstalled Measure app. To measure a person's height, simply open the Measure app, point your iPhone at the person you want to measure, and make sure they are visible on the screen from...
General iOS 16 Feature Yellow

iOS 16.2 for iPhone Launching This Month With These 8 New Features

Thursday December 1, 2022 8:44 am PST by
Apple plans to publicly release iOS 16.2 for the iPhone in mid-December, according to Bloomberg's Mark Gurman. The update remains in beta testing for now, with at least eight new features and changes already uncovered so far. iOS 16.2 introduces a number of new features, including Apple's new whiteboard app Freeform, two new Lock Screen widgets for Sleep and Medications, the ability to hide...
iOS 16

When Will iOS 16.2 Be Released?

Friday December 2, 2022 2:13 pm PST by
Apple in late October began testing iOS 16.2 and iPadOS 16.2 updates, providing betas to both developers and public beta testers. As of now, we've had four total betas, with the fourth beta having been released earlier this week. iOS 16.2 and iPadOS 16.2 are expected before the end of the year, and we thought we'd try to narrow down the launch timeline. With only four betas released since...
14 vs 16 inch mbp m2 pro and max feature 1

Major RAM Upgrade Coming to Next-Generation MacBook Pro

Friday December 2, 2022 2:03 am PST by
The next-generation MacBook Pro models could feature faster RAM, according to a recent report from a reliable source. MacRumors Forums member "Amethyst," who accurately revealed details about the Mac Studio and Studio Display before those products were announced, recently provided information about Apple's upcoming 14- and 16-inch MacBook Pro models. The new machines are expected to feature...
iPad 10 Battery Pull Tabs

iPad 10 Teardown Reveals Why Device Isn't Compatible With Apple Pencil 2

Thursday December 1, 2022 10:48 am PST by
Do-it-yourself repair website iFixit today shared a video teardown of Apple's new 10th-generation iPad, providing a closer look inside the tablet and revealing why the device lacks support for the second-generation Apple Pencil. The teardown reveals the internal layout of the iPad, including its two-cell 7,606 mAh battery, logic board with the A14 Bionic chip, and more. As suspected, the...
android apple fix rcs

Google Again Criticizes Apple for Not Adopting RCS for Messages App: 'Their Texting is Stuck in the 1990s'

Friday December 2, 2022 10:54 am PST by
Google is continuing on with its attempt to convince Apple to adopt the RCS messaging standard, publishing a new "it's time for RCS" blog post. Promoted heavily by Google, RCS or Rich Communication Services is a messaging standard that is designed to replace the current SMS messaging standard. It provides support for higher resolution photos and videos, audio messages, and bigger file sizes, ...
ios 16 2 beta notifiation center

PSA: Older Notifications No Longer Hidden in Notification Center in iOS 16.2 Beta 4

Friday December 2, 2022 5:23 am PST by
In a small but significant change to the way the Notification Center works in the latest iOS 16.2 beta, older notifications are now shown by default without having to swipe up. In the current release as well as earlier versions of iOS 16, users do not automatically see older notifications in the Notification Center like they did in iOS 15, and instead must manually swipe up from the middle...
lastpass

LastPass Hacked for Second Time This Year

Friday December 2, 2022 4:04 am PST by
Password management app LastPass says it is investigating a security incident after an "unauthorized party" compromised its systems on Wednesday and gained access to some customer information. The information was stored in a third-party cloud service shared by LastPass and parent company GoTo, said LastPass CEO Karim Toubba in a blog post. Toubba said the hackers used information stolen from ...
Apple Card Savings

Apple Card Customer Agreement Updated for 'Upcoming' Savings Account Feature

Friday December 2, 2022 11:43 am PST by
Goldman Sachs this week updated its Apple Card customer agreement to reflect the credit card's upcoming Daily Cash savings account feature, which was expected to launch with iOS 16.1 but appears to have been delayed. "To enable new ways to use Daily Cash like the upcoming Savings account feature, we are updating the Daily Cash Program section of your Apple Card Customer Agreement," reads an...