Coffee giant Starbucks has updated its mobile apps, after it was revealed that add-ons were saving users’ data in plain text.
The apps, used to pay for drinks, were storing names, email addresses and even GPS coordinates without encryption. Such data could be easily accessed by those with a basic knowledge of the back end of the service.
Starbucks has now issued a new update for iOS and Android. It revealed the tweak via its Twitter account, although its update notes do not make reference to the security concerns. Instead, it mentions ‘additional performance enhancements and safeguards’.
The problem was discovered last year by security researcher Daniel Wood. He said he tested two versions, both of which stored user information as plain text.
With mobile payment solutions becoming more widespread, such security issues are likely to dominate the tech headlines in the next few months and years.
Was this article helpful?