Starbucks

Security disaster: Starbucks app stores customers' passwords in plain text

Monday, January 20, 2014 by: J. D. Heyes
Tags: Starbucks, customer passwords, security failure

eTrust Pro Certified

Delicious Pin It
(NaturalNews) In the technology age, it seems that nary a week or two passes without another sad story relating that Americans' personal information and privacy has been compromised.

Now, according to Washington, D.C.-area radio station WTOP, "The most-used mobile payment app in the United States stored its users personal information in a way that could have gotten a tech-savvy thief a lot of free coffee -- on you."

That would be Starbucks coffee.

Indeed, as the station reported, the coffee giant's executives have confirmed that the store chain's mobile application has been storing user names as well as email addresses and passwords, and all in crystal-clear text, not encrypted text.

The tech pub Computerworld adds:

The credentials were stored in such a way that anyone with access to the phone can see the passwords and usernames by connecting the phone to a PC. No jailbreaking of the phone is necessary. And that clear text also displays an extensive list of geolocation tracking points (latitude, longitude), a treasure trove of security and privacy gems for anyone who steals the phone.

'I would have expected more out of Starbucks'

Tech experts know that when thieves can access a phone owner's information, they can then charge items to the victim's account, up to the amount of stored value on the victim's card. But what's worse, if the victim has chosen an "auto-replenish" option, even more money could be accessed from the victim's bank account.

"What you've described is fair, at a high level," Starbucks CIO Curt Garner said. "From a design perspective, this could have potentially happened."

Computerworld said Starbucks has taken the same path as scores of other firms:

The issue appears to be an example of convenience trumping security. One of the reasons for the Starbucks mobile app's popularity is its extreme ease of use. Customers need only enter their password once when activating the payment portion of the app and then use the app to make unlimited purchases without having to key in the password or username again. (Only when adding money to the app is the password required.)

Naturally, Starbucks could have made the decision to not allow passwords to be stored on phones, but then users would be required to type in their username and password each time they chose to use the app to buy something.

"A company like Starbucks has to make the choice between usability to drive adoption and the potential for misuse or fraud," Charlie Wiggs, general manager and senior vice president for U.S. markets at mobile vendor Mozido, told Computerworld. "Starbucks has opted to make it very convenient. They just have to make sure that their comfort doesn't overexpose their consumers and their brand."

Another security analyst, Avivah Litan, added that Starbuck's decision surprised him.

"I would have expected more out of Starbucks. At least they should have informed consumers," he said.

Two executives, quoted in a phone interview with Computerworld, said they have known the credentials were being stored in plain text and were aware that the coffee chain could have made a different decision regarding passwords and encryption.

"We were aware," said Chief Digital Officer Adam Brotman. "This was not something that was news to us."

Choosing convenience over security

Customers who use the free Starbucks app were only required to enter their password once, while activating payment options. After that, they no longer had to enter a username or password.

Starbucks is only the latest chain to put customers' personal information at risk. In December, big box retailer Target announced that tens of millions of customer purchase records had been hacked.

As reported by CNNMoney, the breach drew the ire of U.S. lawmakers:

Two U.S. senators jumped in with demands for investigations.

Chuck Schumer called on the Consumer Financial Protection Bureau to report on whether retailers should be required to encrypt customer card data. Richard Blumenthal called for a Federal Trade Commission probe, saying "it appears that Target may have failed to employ reasonable and appropriate security measures to protect personal information."


No breach of Starbucks customer data has been reported, but what is alarming is that, in the age of the hacker - when even encrypted data is at risk - it is unbelievable that a major U.S. retailer would choose convenience over security for its customers.

Sources:

http://wtop.com

http://www.computerworld.com

http://money.cnn.com

Get breaking news alerts on GMOs, fluoride, superfoods, natural cures and more...
Join over four million monthly readers. Email privacy 100% protected. Unsubscribe at any time.


Have comments on this article? Post them here:

comments powered by Disqus

Take Action: Support NaturalNews.com

Email this article to a friend

Permalink to this article:

Reprinting this article: Non-commercial use OK, cite NaturalNews.com with clickable link.

Embed article link: (copy HTML code below):
Most Popular
Today | Week | Month | Year

See all Top Headlines...



GET SHOW DETAILS
+ a FREE GIFT

Now Available at ShopNaturalNews.com

O3 Essentials OraJuvenate™
A powerful, cleansing dental cream for maximum oral/dental health.
New Cancer Solutions
Over 3 hours of content covering today’s best cancer tests, how to kill cancer cells and the best diets and exercise routines.
Freeze-Dried 100% Organic Whole Corn
Our freeze-drying method preserves taste, texture and nutrients better than any other food preservation method ever invented.
Fenix TK35 Flashlight
Tough, waterproof, extremely bright and it’s touted to throw an 800+ lumen beam more than 1,000 feet into the night.
Inca Treasure Smoothie Pack
This pack of our four most popular superfoods from South America is the perfect combo pack for smoothie lovers.
Pink Himalayan Salt
This salt delivers significant levels of magnesium, zinc and selenium, with trace levels of dozens of other elements.
Pinhole Glasses - Aviator Style
Pinhole glasses are becoming famous for helping people improve their vision without the risks of laser surgery.
Oxy-Rich Facial Serum
O3 Essentials Jojoba Oxy-Rich Facial Serum is cellular nourishment for your skin. Helps smooth fine lines while enhancing tissue elasticity.
Freeze-Dried 100% Blackberry Halves
Our freeze-dried blackberry halves are grown in Serbia under strict organic standards.

Also on NaturalNews:

Health Ranger Videos
Activist music
CounterThink Cartoons
Food documentaries
FREE Special Reports
Podcasts
Colloidal Silver

Advertise with NaturalNews...

Support NaturalNews Sponsors:

Advertise with NaturalNews...

Most Popular Stories

Flu shot kills 19-year-old, but vaccine industry still has total immunity against lawsuits
Here's a nutty fact: Eating more tree nuts lowers the risk of all-cause death by up to 20 percent
Six important facts you're not being told about lost Malaysia Airlines Flight 370
Malaysia Airlines Flight 370 now clearly a government cover-up: All evidence contradicts official story
10 other companies that use the same Subway yoga mat chemical in their buns
BLM fracking racket exposed! Armed siege and cattle theft from Bundy ranch really about fracking leases
High-dose vitamin C injections shown to annihilate cancer
U.S. treating meat with ammonia, bleach and antibiotics to kill the '24-hour sickness'
USDA to allow U.S. to be overrun with contaminated chicken from China
Vaccine fraud exposed: Measles and mumps making a huge comeback because vaccines are designed to fail, say Merck virologists
Battle for humanity nearly lost: global food supply deliberately engineered to end life, not nourish it
Diet soda, aspartame linked to premature deaths in women

25 Amazing Facts About Food

This FREE downloadable report unveils a collection of astonishing and little-known facts about the food we eat very day. Click here to read it now...

 

Resveratrol and its Effects on Human Health and Longevity - Myth or Miracle.

Unlock the secrets of cellular health with the "miracle" nutrient Resveratrol Click here to read it now...

 

Nutrition Can Save America

FREE online report shows how we can save America through a nutrition health care revolution. "Eating healthy is patriotic!" Click here to read it now...

The Healing Power of Sunlight and Vitamin D

In this exclusive interview, Dr. Michael Holick reveals fascinating facts on how vitamin D is created and used in the human body to ward off chronic diseases like cancer, osteoporosis, mental disorders and more. Click here to read it now...

Vaccines: Get the Full Story

The International Medical Council on Vaccination has released, exclusively through NaturalNews.com, a groundbreaking document containing the signatures of physicians, brain surgeons and professors, all of which have signed on to a document stating that vaccines pose a significant risk of harm to the health of children. Click here to read it now...

Health Ranger Storable Organics

GMO-free, chemical-free foods and superfoods for long-term storage and preparedness. See selection at www.StorableOrganics.com



Recommended Resources On:

Natural News trends
Health Ranger news
Natural News GMOs
Mike Adams tracker
Natural News photos
Natural News Global
Natural News in focus
Natural News connect
Natural News shocking stories
Natural News radar
GMOs
Quackwatch
Vaccines
Health freedom
Dr. Paul Offit

This site is part of the Natural News Network © 2014 All Rights Reserved. Privacy | Terms All content posted on this site is commentary or opinion and is protected under Free Speech. Truth Publishing International, LTD. is not responsible for content written by contributing authors. The information on this site is provided for educational and entertainment purposes only. It is not intended as a substitute for professional advice of any kind. Truth Publishing assumes no responsibility for the use or misuse of this material. Your use of this website indicates your agreement to these terms and those published here. All trademarks, registered trademarks and servicemarks mentioned on this site are the property of their respective owners.

eTrust Pro Certified Android app on Google Play

Sign up for the FREE Natural News Email Newsletter

Receive breaking news on GMOs, vaccines, fluoride, radiation protection, natural cures, food safety alerts and interviews with the world's top experts on natural health and more.

Join over 7 million monthly readers of NaturalNews.com, the internet's No. 1 natural health news site. (Source: Alexa.com)

Your email address *

Please enter the code you see above*

No Thanks

Already have it and love it!

Natural News supports and helps fund these organizations:

* Required. Once you click submit, we will send you an email asking you to confirm your free registration. Your privacy is assured and your information is kept confidential. You may unsubscribe at anytime.