Market Overview

Starbucks Security Issue Endangers 10 Million App Users

Share:
Starbucks Security Issue Endangers 10 Million App Users

Starbucks (NASDAQ: SBUX) app users could end up with more than a delicious, premium-priced beverage.

The popular specialty coffee chain is in a bit of hot water after security researcher Daniel Wood decided to test the Starbucks app (available for Android and iOS) to see if it was secure.

According to CNNMoney, the Starbucks app stores a significant amount of user information. This includes the user's home address, username, e-mail address and full name.

That's one issue that could aggravate customers, but there is a much bigger problem involving the way that data is stored.

Wood learned (and revealed) that the app stores this personal data in plain text.

Remote hackers cannot currently take advantage of that aspect. But if they were to obtain the phone of a Starbucks app user, they could gain access to the user's personal information.

Related: Why Is Google Giving Starbucks Customers Free Wi-Fi?

The process is not a simple one. To uncover a user's info, the hacker must plug the phone into a computer and know how to access the file storing the personal data.

A Starbucks spokeswoman dismissed the notion that a user will be hacked, telling CNNMoney that the possibility of the vulnerability being exploited is "very far fetched."

Nonetheless, roughly 10 million people use the app for iOS or Android. With that many customers on board, it is feasible to think that at least one of those users could be hacked -- especially now that security issue has gone public.

If a hacker is successful in gathering the user's info, he or she could access money that is stored in the customer's Starbucks account. This is where the issue really becomes a problem.

Until the app is patched to ensure that user info is safe, Starbucks customers might want to keep a close eye on their smartphones.

Update 1-16-14, 4:05 p.m. EST: Security expert Kevin Baranowski does not think that consumers have to worry about the app vulnerability.

Update 1-17-14, 1:05 p.m. EST: Starbucks spokesman Zack Hutson e-mailed Benzinga an update regarding the app's vulnerability. He provided three key points:

  1. "We have no indication that any customer has been impacted by this or that any information has been compromised."
  2. "Earlier this week we added safeguards to protect against the theoretical vulnerabilities raised by Daniel Wood."
  3. "Yesterday we released an update for the app that will add extra layers of protection, and are encouraging customers to download it as an additional safeguard."

Additionally, Starbucks CIO Curt Garner posted a letter about the company's response to the app vulnerability.

Disclosure: At the time of this writing, Louis Bedigian had no position in the equities mentioned in this report.

Posted-In: Android CNNMoney Daniel Wood Google iOS StarbucksNews Tech Best of Benzinga

 

Related Articles (SBUX)

View Comments and Join the Discussion!
Don't Miss Any Updates!
News Directly in Your Inbox
Subscribe to:
Benzinga Premarket Activity
Get pre-market outlook, mid-day update and after-market roundup emails in your inbox.
Market in 5 Minutes
Everything you need to know about the market - quick & easy.
Daily Analyst Rating
A summary of each day’s top rating changes from sell-side analysts on the street.
Fintech Focus
A daily collection of all things fintech, interesting developments and market updates.
Thank You

Thank you for subscribing! If you have any questions feel free to call us at 1-877-440-ZING or email us at vipaccounts@benzinga.com