Starbucks iOS App Stores Customer Information In Plain Text; Target For Hackers

Starbucks' mobile app for iOS has a security flaw that could allow hackers to steal the users' username and password directly from the phone without even knowing the users' PIN.

According to CNNMoney, version 2.6.1 of the app, which allows users to order food and drinks directly from their phones, saves users' personal information in plain text. All a hacker would have to do is plug the phone into a laptop to access the information.

Starbucks spokeswoman Linda Mills told CNNMoney she was aware of the issue, but asserted the possibility of it being used was "very far fetched."

After receiving several inquiries about the issue, Starbucks stated in a letter to customers it was "working to accelerate the deployment of an update for the app that will add extra layers of protection."

The security flaw was initially brought to light Daniel Wood, a security researcher and Starbucks customer, who said he tested the app to see if his information could be accessed.

Wood went public with the issue after he approached the company and didn't hear back from their tech teams.

Starbucks spokesman Jim Olson said approximately 10 million customers have downloaded the app.

Related Stories

Starbucks

Featured Local Savings

More from CBS News

Anything for love: Call Kurtis investigates the romance scam epidemic

Davis police officer dismissed over man's 2019 death days after Golden 1 Center trespassing

Cal Poly Humboldt protests shut down campus after police and pro-Palestinian demonstrators clash

California may soon put an end to line-skipping service at airports