specialty coffee chain is in a bit of hot water after security researcher Daniel Wood decided to test the Starbucks app (available for Android and iOS) to see if it was secure.According to CNNMoney, the Starbucks app stores a significant amount of user information. This includes the user's home address, username, e-mail address and full name.
That's one issue that could aggravate customers, but there is a much bigger problem involving the way that data is stored.
Wood learned (and revealed) that the app stores this personal data in plain text.
Remote hackers cannot currently take advantage of that aspect. But if they were to obtain the phone of a Starbucks app user, they could gain access to the user's personal information.
The process is not a simple one. To uncover a user's info, the hacker must plug the phone into a computer and know how to access the file storing the personal data.
A Starbucks spokeswoman dismissed the notion that a user will be hacked, telling CNNMoney that the possibility of the vulnerability being exploited is "very far fetched."
Nonetheless, roughly 10 million people use the app for iOS or Android. With that many customers on board, it is feasible to think that at least one of those users could be hacked -- especially now that security issue has gone public.
If a hacker is successful in gathering the user's info, he or she could access money that is stored in the customer's Starbucks account. This is where the issue really becomes a problem.
Until the app is patched to ensure that user info is safe, Starbucks customers might want to keep a close eye on their smartphones.
