Starbucks updates mobile app after reports of security threats
This week Computer World reported that the Starbucks mobile payment app — which has been widely embraced by consumers — stores passwords, user names and email addresses in plain text.
Now the Seattle-based coffee chain said it has released a new app that adds more protection, according to Computer World, which adds that it has been unable to verify that the fixes have resolved the issue.
As Computer World noted, security researcher Daniel Wood first discovered the holes. After the most recent updates, Wood told the magazine that he's "almost 100 percent certain" that the clear-text password problem is gone.
Wood was an independent researcher at the time he discovered the issue, but has since been brought on by Starbucks as a security consultant, Computer World said.
The initial story reported that the Starbucks mobile app for iOS devices, which is the most widely used mobile app in the U.S., stored credentials in such a way that anyone with access to the phone can see the password by connecting the phone to a PC, regardless of whether or not it is PIN-protected.
Learn more about in-app payments and security.