Thanks to a report of ComputerWorld, we now know that the Starbucks app on iOS does not encrypt it’s user’s passwords.
Executives from Starbucks said that passwords used for the app were stored in clear text, had no protection, and could be accessed easily through a crash log. The company also has no intentions of making any changes and also claims that it has somehow “taken steps to safeguard customers’ information,” though what those steps are, who knows.
According to Daniel Wood, who was the first to discover the weakness back in November, and is a security researcher, the current version of the Starbucks app has not been changed as far as security is concerned. “Anything they have done on their end won’t matter as the vulnerability lies within the application on end user devices,” he said.
Luckily, a criminal would still need to actually have your phone to access this information, still, it is a security risk that Starbucks should fix.