Starbucks: Your iOS App Data is Safe, Update Coming with “Extra Layers of Protection” [u]
Starbucks Chief Information Officer, Curt Garner, has issued a letter to customers and users of its iOS mobile app addressing security concerns. It was revealed earlier that the company’s iPhone app stored user credentials and geolocation data unencrypted locally on the device, something the company acknowledged it was well aware of.
The letter below states the company has already put safeguards in place to secure your data and is fast-tracking an iOS update with “extra layers of protection”:
We’d like to be clear: there is no indication that any customer has been impacted by this or that any information has been compromised. Regardless, we take these types of concerns seriously and have added several safeguards to protect the information you share with us. To protect the integrity of these added measures, we are unable to share technical details but can assure you that they sufficiently address the concerns raised in the research report.
Out of an abundance of caution, we are also working to accelerate the deployment of an update for the app that will add extra layers of protection. We expect this update to be ready soon and will share our progress here. While we are working on the update, we would like to emphasize that your information is protected and that you should continue to feel confident about the integrity of our iOS app.
The Verge was able to confirm with a Starbucks representative that the iOS app will no longer store clear text data once the update has been released.
Regardless of this discovery by security researcher Daniel Wood, if you have auto-reload set up in your Starbucks iPhone app, make sure you have the app passcode enabled. All it takes is one unscrupulous person to ‘borrow’ your iPhone and email a screenshot of your Starbucks card bar code to themselves (this means your Passbook app is also at risk). Remember, trust no one in life–except for your dog or cat.
Update: the Starbucks app update is now available in the App Store, with “additional performance enhancements and safeguards”.