Time to stop using your Starbucks app to pay for your cup o’ joe
The Starbucks mobile app, the most used mobile-payment app in the U.S., has been storing usernames, email addresses and passwords in clear text, Starbucks executives confirmed late on Tuesday (Jan. 14). The credentials were stored in such a way that anyone with access to the phone can see the passwords and usernames by connecting the phone to a PC. No jailbreaking of the phone is necessary. And that clear text also displays an extensive list of geolocation tracking points (latitude, longitude), a treasure trove of security and privacy gems for anyone who steals the phone.
…
The thief could potentially steal far more if the victim had activated an auto-replenish option, which would allow the app to repeatedly access the victim’s bank account to continually add more money to the Starbucks account. Brotman said that any request for more bank funds would trigger a message to the victim — he said it would probably be an email — which could alert the victim to the fraud. If the victim then contacted Starbucks, the account would be shut down.
Michael Sauers is the Director of Logan Library in Logan, UT. Prior to this he was one of the founding staff and Technology Manager for Do Space in Omaha, NE. After earning his MLS in 1995 from the University at Albany's School of Information Science and Policy Michael spent his first 20 years as a librarian training other librarians in technology along with time as a public library trustee, a bookstore manager for a library friends group, a reference librarian, a technology consultant, and a bookseller. He has written dozens of articles for various journals and magazines and has published 14 books ranging from library technology, blogging, Web design, and an index to a popular horror magazine. In his spare time, he blogs at TravelinLibrarian.info, runs The Collector's Guide to Dean Koontz website at CollectingKoontz.com, takes many, many photos, and typically reads more than 100 books a year.
Unless otherwise stated, all opinions are my own and are not to be considered those of the City of Logan, UT.
View all posts by Michael Sauers
The Starbucks mobile app, the most used mobile-payment app in the U.S., has been storing usernames, email addresses and passwords in clear text, Starbucks executives confirmed late on Tuesday (Jan. 14). The credentials were stored in such a way that anyone with access to the phone can see the passwords and usernames by connecting the phone to a PC. No jailbreaking of the phone is necessary. And that clear text also displays an extensive list of geolocation tracking points (latitude, longitude), a treasure trove of security and privacy gems for anyone who steals the phone.
