When you type a password into a mobile payment app, youd probably expect it to protect that password somehow. But it seems that the Starbucks app for iOS doesnt actually lock its usernames and passwords down. According to a Computerworld report, company executives admitted today that the mobile app stores passwords in clear text, with no encryption of any sort. Whats more, it appears that Starbucks may not intend to actually fix the problem. Daniel Wood, the security researcher who originally discovered the vulnerabiility in November, says that the latest version of the app still includes the same unencrypted passwords and usernames.
Comments are closed.
