A security expert has disclosed that the payment app could be easily compromised if your phone is stolen.
Does this admission shock you? When a security expert revealed this week how lax the security is on Starbucks’ payment app, the company said: “That was not something that was news to us.”
The security expert, Daniel Wood, said that user passwords, email addresses, user names and GPS location files are stored in clear text in Starbucks’ mobile payment app.
What does that mean to you, Starbucks customer? Plenty, if your phone is stolen. Explains the Los Angeles Times, “By connecting the device to a computer, [thieves] could download all of the information above within 30 minutes, whether the smartphone is protected with a security code or not.”
Starbucks doesn’t encrypt the information or store it on its servers because then customers would have to log in every time they use the app to pay for coffee, says the Times. What a dreadful inconvenience that would be!
This is the most widely used payment app in the U.S., Computerworld says.
You’d think a company would do better than that. Still, a Computerworld reader pointed out, this isn’t in the same ballpark as the massive data breach at Target, where the information of up to 110 million customers was compromised.
How can you protect yourself from the Starbucks app? Don’t allow the app to automatically dip into your bank account for more funds. And don’t use your Starbucks password for any other accounts.