The mobile payment app of Starbucks Corporation (NASDAQ:SBUX) is susceptible to cyber attack. According to a security researcher, hackers could easily access the password information and geolocation data of customers using the mobile payment app of the world’s largest coffee chain.
The vulnerability of the mobile payment app of Starbucks Corporation (NASDAQ:SBUX) was discovered by security researcher Daniel Wood.
Customer login information accessible
In his research note, Wood emphasized that hackers can easily access the login information of customers, and could make unauthorized purchases. According to him, “There are multiple instances of the storage of clear-text credentials that can be recovered and leveraged for unauthorized usage of a user’s account on the malicious user’s own device or online at https://www.starbucks.com/account/signin.”
In an interview with CNNMoney, Wood said, “The application is storing the users’ information — everything from your full name to your address to your username and password as well as your email address.”
He recommended that Starbucks Corporation (NASDAQ:SBUX) perform output sanitization to prevent hackers from recovering sensitive user data and to keep that data from being stored in clear text in the Crashlytics log files. He also suggested not storing customers’ credentials on the phone’s file system, and considering the use of a standard iOS encryption library.
Wood published his observations on the vulnerability after informing the technical team of Starbucks Corporation (NASDAQ:SBUX) about the issue in December and receiving no response from them. The company reached out to Wood after the issue became public.
Starbucks steps up security efforts
Starbucks Corporation (NASDAQ:SBUX) acknowledged that Wood’s report was technically accurate; however, the company pointed out that it is safeguarding against unauthorized access to such information.
Linda Mills, spokesperson of Starbucks Corporation (NASDAQ:SBUX), said, “Our customers’ security is of the utmost importance to us, and we actively monitor for risks and vulnerabilities. While we are aware of this report, there is no known impact to our customers.”
“To further mitigate our customers’ potential risk from these theoretical vulnerabilities, Starbucks has taken additional steps to safeguard any sensitive information that might have been transmitted in this way,” added Mills.