Starbucks Security Issue Endangers 10 Million App Users
Starbucks (NASDAQ: SBUX) app users could end up with more than a delicious, premium-priced beverage.
The popular specialty coffee chain is in a bit of hot water after security researcher Daniel Wood decided to test the Starbucks app (available for Android and iOS) to see if it was secure.
According to CNNMoney, the Starbucks app stores a significant amount of user information. This includes the user's home address, username, e-mail address and full name.
That's one issue that could aggravate customers, but there is a much bigger problem involving the way that data is stored.
Wood learned (and revealed) that the app stores this personal data in plain text.
Remote hackers cannot currently take advantage of the plain-text storage. But if they were to obtain the phone of a Starbucks app user, they could gain access to the user's personal information.
The process is not a simple one. To uncover a user's info, the hacker must plug the phone into a computer and know how to access the file storing the personal data.
A Starbucks spokeswoman dismissed the notion that a user will be hacked, telling CNNMoney that the possibility of the vulnerability being exploited is "very far fetched."
Nonetheless, roughly 10 million people use the app for iOS or Android. With that many customers on board, it is feasible to think that at least one of those users could be hacked -- especially now that the security issue has gone public.
If a hacker is successful in gathering the user's info, he or she could access money that is stored in the customer's Starbucks account. This is where the issue really becomes a problem.
Until the app is patched to ensure that user info is safe, Starbucks customers might want to keep a close eye on their smartphones.
Update 1-16-14, 4:05 p.m. EST: Security expert Kevin Baranowski does not think that consumers have to worry about the app vulnerability.
Update 1-17-14, 1:05 p.m. EST: Starbucks spokesman Zack Hutson e-mailed Benzinga an update regarding the app's vulnerability. He provided three key points:
- "We have no indication that any customer has been impacted by this or that any information has been compromised."
- "Earlier this week we added safeguards to protect against the theoretical vulnerabilities raised by Daniel Wood."
- "Yesterday we released an update for the app that will add extra layers of protection, and are encouraging customers to download it as an additional safeguard."
Additionally, Starbucks CIO Curt Garner posted a letter about the company's response to the app vulnerability.
Disclosure: At the time of this writing, Louis Bedigian had no position in the equities mentioned in this report.
© 2014 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.