Starbucks to roll out fix for weakness in iPhone app
SEATTLE (MCT) — Starbucks Corp. said it will soon roll out an update for its iOS mobile application, which a security expert says had a critical flaw that potentially exposed customer data to computer-savvy phone thieves.
Cyber-security researcher Daniel Wood disclosed this week that Starbucks’ digital wallet app for the iPhone doesn’t encrypt critical customer data — including email, password and credit card information. That makes it vulnerable to a hacker or thief who physically takes someone’s iPhone. Starbucks chief information officer Curt Garner, in a letter to customers posted on the company’s website Thursday, acknowledged that Wood’s report highlighted “theoretical vulnerabilities.”
Starbucks maintains that it had already added new barriers to protect the data, though it won’t elaborate for security reasons. The update to the app, Garner wrote, is being readied out of an “abundance of caution” to add extra layers of protection. “We expect this update to be ready soon,” he wrote.
The company has said that the app for Google’s Android mobile operating system doesn’t have the flaw.
Garner wrote that there’s no indication that anyone’s data has been compromised. He added that Starbucks customers who think their information may have been compromised should contact the company at 1-800-23-LATTE or http://www.starbucks.com/customer.
The flaw comes in the midst of rising worries about retailers’ ability to safely handle customer data, including credit card information. During the holiday season Target and Neiman Marcus suffered major cyber-heists.
For Starbucks, data safety is critical, especially as an increasing number of customers rely on their smartphones to store their loyalty cards. Some 11 percent of U.S. transactions in the quarter ended in September were made using the mobile app.