A research report surfaced yesterday that revealed Starbucks was storing private information, such as the username, password and email addresses, of its users in clear text on its mobile app. In other words, if hackers were able to get around the protection Starbucks had in place, everything would be there to steal clear as day, without any encryption on the personal data. At first it sounded as though Starbucks had no plans to correct anything, but that changed on Thursday.
Starbucks issued a letter to customers, alerting them of the findings of the research report and the vulnerabilities of the Starbucks Mobile App for iOS. “There is no indication that any customer has been impacted by this or that any information has been compromised,” Starbucks’ chief information officer Curt Garner said. “Regardless, we take these types of concerns seriously and have added several safeguards to protect the information you share with us.” Starbucks said it won’t share the new safeguards, in an effort to keep its app even more secure, but that they “sufficiently address the concerns raised in the research report.”
Starbucks said it’s going to issue an update that adds even more protection to its iOS application and that it should be ready soon. In the meantime, it says users should feel safe using the existing iOS app.