If you’re particularly concerned about the security of your passwords, you might want to stay away from Starbucks’ official iOS app: the Seattle-based coffee maker has just confirmed that passwords, credentials and location in the company’s app are stored in plain text, and are not hashed or encrypted at all.
The problem was first spotted by security researcher Daniel Wood, who found that Starbucks saved sensitive details in plain text within the app. After alerting Starbucks to the issue, he downloaded an updated version of the app, which Starbucks claimed contained “adequate security measures,” only to find that little had changed: all your user data, email addresses, passwords and even your GPS location are stored in plain text.
The good news is this information would be very difficult for casual hackers to access. Plucking your password from the Starbucks app requires physical access to your device. Even so, it’s yet another troubling incident in a trend of big corporations not taking adequate security measures to protect customer data. In 2014, nothing should be storing passwords unencrypted anymore.
Company executives have confirmed that they are aware of the issue.
Of course, Starbucks’ app has other security problems. How about the one that lets anyone who can photograph your phone use your on-screen barcode to drink free coffee off of your account?