Starbucks security endangers 10 million app users

The coffee store's app saves personal information that could be stolen by hackers.

By Benzinga Jan 16, 2014 12:14PM

Starbucks sign hanging in the window of their coffee shop store in Seattle, Wash. © KPA Zuma Press/Rex Features

By Louis Bedigian

 

Starbucks (SBUX) app users could end up with more than a delicious, premium-priced beverage.

 

The popular specialty coffee chain is in a bit of hot water after security researcher Daniel Wood decided to test the Starbucks app (available for Android and iOS) to see if it was secure.

 

According to CNNMoney, the Starbucks app stores a significant amount of user information. This includes the user's home address, username, e-mail address and full name.

 

That's one issue that could aggravate customers, but there is a much bigger problem involving the way that data is stored.

 

Wood learned (and revealed) that the app stores this personal data in plain text.

Remote hackers cannot currently take advantage of that aspect. But if they were to obtain the phone of a Starbucks app user, they could gain access to the user's personal information.

 

The process is not a simple one. To uncover a user's info, the hacker must plug the phone into a computer and know how to access the file storing the personal data.

 

A Starbucks spokeswoman dismissed the notion that a user will be hacked, telling CNNMoney that the possibility of the vulnerability being exploited is "very far fetched."

 

Nonetheless, roughly 10 million people use the app for iOS or Android. With that many customers on board, it is feasible to think that at least one of those users could be hacked -- especially now that the security issue has gone public.

 

If a hacker is successful in gathering the user's info, he or she could access money that is stored in the customer's Starbucks account. This is where the issue really becomes a problem.

 

Until the app is patched to ensure that user info is safe, Starbucks customers might want to keep a close eye on their smartphones.

 

Disclosure: At the time of this writing, Louis Bedigian had no position in the equities mentioned in this report.

 

6 Comments
Jan 16, 2014 1:47PM
If, as this article describes, a "hacker" would need physical possession of your phone, I don't think this really qualifies as a "hack".  Jeesh, people keep so much personal data on their phones, none of it typically is encrypted.  Best protections are to use a security code for using your phone, and have the ability to locate or wipe a stolen phone.  Also, use a password manager app that encrypts sensitive information you might keep on your phone.

Jan 16, 2014 12:44PM
If somebody steals my phone, they need only open my address book to find out my name, address, email, etc...

 

Why go through the hassle of trying to hack my apps.  It is all right there.  The harder part is just getting past my phone security before I activate my wipe software.

Jan 16, 2014 1:57PM
Apps are developed by amateurs without regard for encryption or security.
Jan 17, 2014 8:56AM
A future Republican in the making.

http://www.youtube.com/watch?v=AukE25ispVY

They are simply adorable and loving little things aren't they?
Jan 16, 2014 8:15PM
Every time I hear someone say that to be hacked is far fetched or they are uber secure it sounds like saying "sic'em" to hackers.  I may have to unregister my card and stop using my phone app to make purchases... Target already created problems for me - BACK TO CASH ONLY!!!
Jan 17, 2014 12:08AM
"But if they were to obtain the phone of a Starbucks app user, they could gain access to the user's personal information." - I would think if you got the phone you would get more than that.  Like an address book full of all sorts of neat stuff.