Starbucks released a new app, but soon came under fire for vulnerability issues. The idea is that users only need to enter their details once; however, this feature can lead to password vulnerability. The coffee giant is promising to fix these issues.
Users can download the app onto their phone and order food and drinks straight through it. The app is reported to provide minimal queuing and an easier service. However, the security issues are too much for some to even consider downloading the Starbucks app.
While the company wants to offer ease, all the details used to access the app – including the password – are stored on the phone. Unlike storing passwords on the computer when asking a browser to remember the details, the information is stored in plain text. No encryption service is used, making it possible for anyone to see the information. All a person needs to do is connect the phone to the computer and download the information.
Email addresses, location and usernames used on the Starbucks app are also visible. A hacker would not even need to unlock the phone to be able to get the information. The danger is that a hacker could gain access to a bank account to buy as many drinks as he or she wants, as it is possible to allow the app to automatically fetch money from the bank account when there are not enough funds stored within the Starbucks account.
Linda Mills, a spokesperson for Starbucks, admitted that there were vulnerability issues with the app. The company is currently working on an upgrade to provide a fix for these security problems. However, she did state that the idea of a hacker breaking into the account is “far fetched.” She also said there had been no complaints regarding anybody losing money due to the way the information is stored.
Encrypting the data would mean that users need to enter their password every time they access the app. This is an inconvenience to some, and the app is already one of the most popular methods of payment for customers in the United States.
Jim Olsen, another spokesperson, stated that it would be hard for a hacker to use this vulnerability to their advantage. Access to the phone would be needed first, as well as a computer. Knowledge of how to access the file would also be required.
Customers who currently use the app can protect themselves in two ways. The first is to avoid letting the account automatically take money from a bank account if there are insufficient funds; only the money within the Starbucks account would then be at risk in the event of a security breach. The second is to make sure passwords are different for all websites a user accesses. If all passwords are the same, and one is stolen, a hacker could gain access to many other accounts – a situation that is potentially more dangerous.
The vulnerability was spotted by Daniel Wood in November. He was testing the app for security and established how his details were stored. Starbucks is currently working on a fix for the vulnerability issues within the app, but has not released any other information.
By Alexandria Ingham