Slashdot Mirror

← Back to Stories (view on slashdot.org)

Starbucks Phone App Stores Password Unencrypted

Posted by timothy on from the don't-spend-it-all-in-one-place dept.

JThaddeus writes "The Daily Caller reports a serious security flaw in the Starbucks phone app: 'Starbucks confirmed late Tuesday that anyone could access the unencrypted data stored on the official Starbucks app simply by connecting the phone to a computer – bypassing lock screen or PIN security features with no hacking or jailbreaking necessary.' The linked report is for iOS. No mention of Android, but do you think it is any different?" (Starbucks says they've addressed the problem.)

1 of 137 comments (clear)

  1. Re:Hard to have this happen on Android... by Sockatume · · Score: 4, Informative

    This is wrong and should be ignored. It's not stored unencrypted in the app's data folders; it's sent unencrypted to the debug log, which is also readable to anyone on the host PC.

    --
    No kidding!!! What do you say at this point?