Starbucks confirms that its iOS app stores passwords in plain text
Starbucks has confirmed a finding by security researcher Daniel Wood that both username and password in its iOS app are stored in plain text.
It’s not the big deal some are making it out to be – to make use of it, someone would need physical access to your unlocked iPhone, in which case you likely have bigger things to worry about than someone being able to order tall skinny lattes on your dime. Additionally, asĀ Engadget observes, a far easier hack by someone with access to your phone would simply be to take a photo of the on-screen barcode used to authorise payments.
All the same, it is pretty poor design on the part of a payment app from a major company, and it’s surprising that Starbucks apparently has no plans to fix it with an updated app.