Results 1 to 5 of 5

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: Starbucks' iOS App Under Fire Over Data Security Practices

  1. #1
    What's Jailbreak? Akshay Masand's Avatar
    Join Date
    Sep 2011
    Location
    New York City
    Posts
    5,897
    Thanks
    3
    Thanked 200 Times in 179 Posts

    Default Starbucks' iOS App Under Fire Over Data Security Practices


    Starbucks, the coffee mega chain appears to be under fire over their data security practices after it was recently discovered that the company’s iOS payment app doesn’t encrypt customers’ login information. Security researcher, Daniel Wood, publicly disclosed the vulnerability, which would require an attacker to have physical access to the device. Wood told the folks over at Computerworld that he first contacted Starbucks to report the flaw last November and only went public after the company failed to act.

    One of the things at issue here is a log file generated by Twitter-owned crash reporting analytics firm, Crashlytics. The log file, which Wood says can be retrieved from a user’s handset even if the phone is locked with a PIN, contains unencrypted versions of the customer’s username, email address and password. Starbucks executives for their part acknowledged the vulnerability and said that they have made changes to mitigate the danger. According to Starbucks’ Chief Digital Officer Adam:

    We were aware and adequate security measures are in place now. Usernames and passwords are safe.
    Wood reassessed the situation following the statement and found that the credentials were still freely available. Although this particular vulnerability is unlikely to cause widespread damage, the publication notes that it does provide an opportunity to remind the public of the dangers of reusing passwords across services. A targeted attack against an individual who uses the same password for both Starbucks and their online banking service, for instance, could yield a significant issue for the victim.

    Are you an avid Starbucks’ customer who is affected by this issue?

    Source: Computerworld, SEClists

    Twitter: @AkshayMasand

  2. #2
    I am! This truly is alarming especially at the rate Starbucks pushes their mobile app in advertisements.

  3. #3
    Livin the iPhone Life bigboyz's Avatar
    Join Date
    Feb 2009
    Location
    North East Coast
    Posts
    2,095
    Thanks
    19
    Thanked 430 Times in 265 Posts

    Whenever you sign up and use your personal info..these are the downfalls of trusting Corporate America with your personal info. Even when its not infiltrated or compromised, its still being looked at by someone.

  4. #4
    I'm addicted to jailbreak luvmytj's Avatar
    Join Date
    Jul 2008
    Location
    New York
    Posts
    843
    Thanks
    32
    Thanked 112 Times in 83 Posts

    Figures... I use this app all the time in the Target Starbucks.

  5. #5
    No thanks, I'll stick to DD.

Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •