Considered one of the smartest ventures on the face of the earth, Starbucks coffee provides an app for junkies to deposit dollars into a Starbucks account, and when you order your java, it’s deducted from your total stash available, no need to stand in those annoying lines. This is similar to the same system most turnpikes/tollroads use when you have what’s referred to as a Pike Pass here in Oklahoma. At Starbucks, the big ouch is, your information is stored, but it is not encrypted.
Starbucks executives confirm the coffee chain’s mobile payment app has been storing usernames, email addresses and passwords in clear text — not encrypted, according to a Computerworld report.
That means anyone who can get access to a device with the Starbucks mobile-payment app could connect the phone to a PC and get the passwords, usernames and a list of geolocation tracking points — which could sacrifice the phone owner’s privacy and security.
Knowing the phone owner’s information would allow the thief to charge items to the victim’s account, until the stored value on the card is used up.
Even worse, if the phone owner activated an auto-replenish option, more money could be accessed from the victim’s bank account…
Customers using the free Starbucks app only need to enter their password once, while activating the payment options. After that, users don’t have to enter their username or passwords again.
To exploit the easily-read information, a thief would have to steal or at least borrow the device upon which the Starbucks app is loaded.
Yet, a hacker could access the information even without knowing the phone’s PIN code, writes Schuman.
If you would like to receive Maggie’s Notebook daily posts direct to your inbox, no ads, no spam, EVER, enter your email address in the box below.