United States’ most popular mobile payment program, Starbucks has updated its iOS app after the news broke out regarding its security issues related to the user data storage in plain text, including username and password.
Before this update, it was revealed that Starbucks app for iPhones has been storing the username, email ID and password of its users in plain texts, thus easy to get accessed by a thief.
Security researcher Daniel Wood disclosed the matter in last November, where he reported that even the geo-location information of the Starbucks app users also being stored in a clear text, unencrypted that could be easily accessible by anyone who access the phone by connecting to a computer.
Soon later, Starbucks CIO Curt Garner released a statement to its customers that there are no report of compromised user data and it said that the company will be soon launching the software update that could make it secure via encryption of user data on handsets. It also said that only iOS app for iPhones are currently in the radar and Google’s Android smartphones are not vulnerable as of now.
Till yesterday, The same 2.6.1 version of the Starbucks app was available for download at App Store, which was the same app referenced by Daniel Wood in the disclosure of the threat. However, soon after the news broke out, the vulnerability has been fixed and the company has released the 2.6.2 version of the app. But, Android app was last updated on September 2013, as it said to be not vulnerable.
In the changelog of the iOS app, the company mentioned, “additional performance enhancements and safeguards,” that suggests the vulnerability has been addressed.[ Source: iTunes, seclists ]