As more and more of our information moves online and onto our mobile devices, the security protecting this data is facing increasing scrutiny. Reports of security breaches regularly surface as headlines. For example, both Target and Neiman Marcus have been recent subjects of security breaches. This week, it was Starbucks’ turn to be embroiled in such a story, albeit not on the same scale.
It all started back in November when security researcher Daniel Wood discovered that the Starbucks iOS app’s crash analytics software stores sensitive information, such as usernames and passwords, in clear text. He reached out to Starbucks with his findings, but the company did little to address the problem. Wood went public on Tuesday and suddenly found that he had the company’s attention.
Yesterday, Starbucks issued a press release in which Curt Garner, Starbucks’ chief information officer, acknowledged the flaw but also downplayed its severity:
Your security is incredibly important to us. This week a research report identified theoretical vulnerabilities associated with the Starbucks Mobile App for iOS in the event a customer’s iPhone were to be physically stolen and hacked.
We’d like to be clear: there is no indication that any customer has been impacted by this or that any information has been compromised. Regardless, we take these types of concerns seriously and have added several safeguards to protect the information you share with us. To protect the integrity of these added measures, we are unable to share technical details but can assure you that they sufficiently address the concerns raised in the research report.
Nonetheless, Starbucks did promise to “accelerate the deployment of an update for the app that will add extra layers of protection.” It made good on its promise today and released version 2.6.2 of its Starbucks app with “extra layers of protection.” Needless to say, the company now “encourage[s] customers to download the update as an additional safeguard measure.”
Sources: Apple App Store // Full Disclosure // Starbucks