Is the Starbucks App Leaving Customers Vulnerable to a Hack?


Starbucks’ (NASDAQ:SBUX) mobile app might make it easy to buy coffee and food directly from your smartphone every morning, but it can also leave you open to attack, security researcher Daniel Wood says. CNN reported Wednesday that Wood researched the security of Starbucks’ app after he was concerned whether his information was secure, and he confirmed that the system makes customers vulnerable to hacks.

Starbucks’ app is used by about 10 million customers, and it saves customers’ usernames, passwords, and other personal information in plain text, which is where Wood recognized an issue last month. From his research report, he determined that a hacker could easily pick up a lost phone, plug it into a laptop, and recover a Starbucks customer’s password without knowing the smartphone’s PIN code. That’s what he called into question in December.

Hacks are a significant fear for consumers these days, especially considering Target’s (NYSE:TGT) latest data breach. When Wood recorded his report in an online post last month, he was quickly contacted by Starbucks.

CNN reports that Starbucks has acknowledged Wood’s security concerns, but spokeswoman Linda Mills told the news outlet that the possibility of customer exploitation is “very far fetched.” The company’s sentiments aren’t completely off base, though, considering that in order to access a customer’s information, one would need to access that person’s password, phone, have a computer handy, and know how to access the file.

However, it is still a risk the coffee giant may not want to take. Olson said to CNN, “Obviously the security of our customers’ information is of the utmost importance to Starbucks and we’re monitoring for any risks and vulnerabilities.”

Starbucks’ app is currently available for Apple (NASDAQ:AAPL) and Gooogle (NASDAQ:GOOG) Android devices, and the Apple version was last updated in May; the latest Android update was available in September. It doesn’t look as though Starbucks has updated its app to fix the security issue, but it is possible the world’s largest coffee chain will do so in the near future in order to to assuage any potential consumer concern.

It will be interesting to see how Starbucks customers react to Wood’s report, as it has now been covered by a variety of publications, thus making the issue more public. Starbucks maintains that it is “always evolving and enhancing [its] systems to ensure that [they] are secure,” and its next move might have to be along the lines of boosting its app’s security.

More From Wall St. Cheat Sheet: