Starbucks’ mobile app for iOS has a security flaw that could allow hackers to steal a user’s username and password directly from the phone without even knowing the user’s PIN.
According to CNNMoney, version 2.6.1 of the app, which allows users to order food and drinks directly from their phones, saves users’ personal information in plain text. All a hacker would have to do is plug the phone into a laptop to access the information.
Starbucks spokeswoman Linda Mills told CNNMoney she was aware of the issue, but asserted the possibility of it being used was “very far fetched.”
After receiving several inquiries about the issue, Starbucks stated in a letter to customers it was “working to accelerate the deployment of an update for the app that will add extra layers of protection.”
The security flaw was initially brought to light by Daniel Wood, a security researcher and Starbucks customer, who said he tested the app to see if his information could be accessed.
Wood went public with the issue after he approached the company and didn’t hear back from its tech teams.
Starbucks spokesman Jim Olson said approximately 10 million customers have downloaded the app.