clock menu more-arrow no yes mobile

Filed under:

Starbucks' updated iOS app more securely stores user passwords (update)

New, 16 comments
Starbucks Android app 1
Starbucks Android app 1

Yesterday, it came to light that the Starbucks mobile payment app for iOS wasn't totally secure: the app was storing usernames, passwords, and email addresses in an unencrypted plain text format. Starbucks claimed that it had already fixed the issue, but the security researcher who originally identified the problem begged to differ, saying that Starbucks would need to actually update its app to remedy the situation.

Now, Starbucks says it will do just that. In a press statement issued by the company, Starbucks CIO Curt Gartner writes that while "there is no indication that any customer has been impacted by this or that any information has been compromised," the company will indeed update its app. "Out of an abundance of caution, we are also working to accelerate the deployment of an update for the app that will add extra layers of protection," writes the executive.

While the statement only describes the app fix in extremely broad terms, we've confirmed with a Starbucks representative that the app will no longer store user data in cleartext after the update is complete. Starbucks says the update will be ready soon.

Update: Starbucks has now updated its app. In a statement sent to The Verge, the company says it has "released an updated version of Starbucks Mobile App for iOS which adds extra layers of protection. We encourage customers to download the update as an additional safeguard measure."