No users were hacked says Starbucks
Coffee house Starbucks is in hot water over the way its app stores confidential information about the user. The mobile app allows the user to pay for coffee using the app rather than cash. It has been discovered that the app stores that personal information in plain text.
The information that is stored in plain text includes the customer user name, password, and other personal information. Storing the information in plain text leaves it open to theft by nefarious users. A hacker wouldn't need the PIN code to get into a secured device to access the file.
KETK reports a Starbucks spokesman Jim Olson confirmed the vulnerability and said that no customers have said they were hacked as a result of the flaw. "Obviously the security of our customers' information is of the utmost importance to Starbucks and we're monitoring for any risks and vulnerabilities," he said.
Another company spokesperson named Linda Mills said that taking advantage of the vulnerability is "very farfetched." She says that the person would need to have the phone in their possession, have a computer, and know how to access the file on the phone. If the hacker did get the password, they could access the money in the persons account free coffee.