Starbucks security endangers 10 million app users
The coffee store's app saves personal information that could be stolen by hackers.
Starbucks (SBUX) app users could end up with more than a delicious, premium-priced beverage.
The popular specialty coffee chain is in a bit of hot water after security researcher Daniel Wood decided to test the Starbucks app (available for Android and iOS) to see if it was secure.
According to CNNMoney, the Starbucks app stores a significant amount of user information. This includes the user's home address, username, e-mail address and full name.
That's one issue that could aggravate customers, but there is a much bigger problem involving the way that data is stored.
Wood learned (and revealed) that the app stores this personal data in plain text.
Remote hackers cannot currently take advantage of that aspect. But if they were to obtain the phone of a Starbucks app user, they could gain access to the user's personal information.
The process is not a simple one. To uncover a user's info, the hacker must plug the phone into a computer and know how to access the file storing the personal data.
A Starbucks spokeswoman dismissed the notion that a user will be hacked, telling CNNMoney that the possibility of the vulnerability being exploited is "very far fetched."
Nonetheless, roughly 10 million people use the app for iOS or Android. With that many customers on board, it is feasible to think that at least one of those users could be hacked -- especially now that the security issue has gone public.
If a hacker is successful in gathering the user's info, he or she could access money that is stored in the customer's Starbucks account. This is where the issue really becomes a problem.
Until the app is patched to ensure that user info is safe, Starbucks customers might want to keep a close eye on their smartphones.
Disclosure: At the time of this writing, Louis Bedigian had no position in the equities mentioned in this report.
If, as this article describes, a "hacker" would need physical possession of your phone, I don't think this really qualifies as a "hack". Jeesh, people keep so much personal data on their phones, none of it typically is encrypted. Best protections are to use a security code for using your phone, and have the ability to locate or wipe a stolen phone. Also, use a password manager app that encrypts sensitive information you might keep on your phone.
IF somebody steals my phone, they need only open my address book to find out my name, address, email, etc...
Why go through the hassle of trying to hack my apps? It is all right there. The harder part is just getting past my phone security before I activate my wipe software.
They are simply adorable and loving little things aren't they?