Time to stop using your Starbucks app to pay for your cup o’ joe
The Starbucks mobile app, the most used mobile-payment app in the U.S., has been storing usernames, email addresses and passwords in clear text, Starbucks executives confirmed late on Tuesday (Jan. 14). The credentials were stored in such a way that anyone with access to the phone can see the passwords and usernames by connecting the phone to a PC. No jailbreaking of the phone is necessary. And that clear text also displays an extensive list of geolocation tracking points (latitude, longitude), a treasure trove of security and privacy gems for anyone who steals the phone.
…
The thief could potentially steal far more if the victim had activated an auto-replenish option, which would allow the app to repeatedly access the victim’s bank account to continually add more money to the Starbucks account. Brotman said that any request for more bank funds would trigger a message to the victim — he said it would probably be an email — which could alert the victim to the fraud. If the victim then contacted Starbucks, the account would be shut down.
Michael Sauers is currently the Director of Technology for Do Space in Omaha, NE. Michael has been training librarians in technology for the past twenty years and has also been a public library trustee, a bookstore manager for a library friends group, a reference librarian, serials cataloger, technology consultant, and bookseller since earning his MLS in 1995 from the University at Albany’s School of Information Science and Policy. Michael has also written dozens of articles for various journals and magazines and his fourteenth book, Emerging Technologies: A Primer for Librarians (w/ Jennifer Koerber) was published in May 2015 and more books are on the way. In his spare time he blogs at travelinlibrarian.info, runs The Collector’s Guide to Dean Koontz Web site, takes many, many photos, and typically reads more than 100 books a year.
View all posts by Michael Sauers
The Starbucks mobile app, the most used mobile-payment app in the U.S., has been storing usernames, email addresses and passwords in clear text, Starbucks executives confirmed late on Tuesday (Jan. 14). The credentials were stored in such a way that anyone with access to the phone can see the passwords and usernames by connecting the phone to a PC. No jailbreaking of the phone is necessary. And that clear text also displays an extensive list of geolocation tracking points (latitude, longitude), a treasure trove of security and privacy gems for anyone who steals the phone.
