Starbucks Releases Security Fix for Payment App

What's Hot


The Most Sinful City in the U.S. Is … (Hint: It’s Not Vegas)Family

How a Mexican Tariff Will Boost the Cost of 6 Common PurchasesFamily

This Free Software Brings Old Laptops Back to LifeMore

How to Protect Yourself From the ‘Can You Hear Me?’ Phone ScamFamily

Report: Walmart to Begin Selling CarsCars

Is Your TV Tracking You? Here’s How to Tell — and Prevent ItAround The House

Trump Scraps FHA Rate Cut — What Does It Mean for You?Borrow

Where to Sell Your Stuff for Top DollarAround The House

11 Staging Tips to Help You Get Top Dollar When Selling Your HomeAround The House

8 Tuition-Free U.S. CollegesCollege

10 Overlooked Expenses That Ruin Your BudgetFamily

4 Car Insurers That Might Raise Rates Even When the Accident Wasn’t Your FaultCars

How to Invest If Trump Kills the ‘Fiduciary Rule’Grow

20 Simple Hacks to Make Your Stuff Last LongerAround The House

12 Surprising Ways to Wreck Your Credit ScoreBorrow

In exchange for convenience, an earlier version of the app made an iPhone owner's Starbucks account information easily available to anyone who stole the phone.

Rest easy, Starbucks iOS mobile payment users: Download the company’s new app and your password and confidential account information will be safe.

Starbucks spokesperson Maggie Jantzen wrote in response to our earlier story about the security concerns that arose about the app. Jantzen tells us the company fixed the app, which previously had stored user names, passwords, GPS locations and other confidential customer information in an insecure clear text format.

Customers are urged to download the updated app for what Jantzen says is an “extra layer of protection.”

In addition, Jantzen directed us to an official Starbucks statement by the company’s chief information officer, Curt Garner, which says, in part:

1. We have no indication that any customer has been impacted by this or that any information has been compromised

2. Last week we added safeguards to protect against the theoretical vulnerabilities raised by [security researcher] Daniel Wood.

3. [We] released an update for the app that will add extra layers of protection, and are encouraging customers to download it as an additional safeguard.

The previous version of the app would allow anyone to plug the phone into a computer for just a few seconds and access sensitive information about the account holder and his or her location history, reports NBC News. The app would also have allowed unauthorized users to make purchases.

Wood, who originally uncovered the security misstep, tells Computerworld that the issues are resolved.

Computerworld also says:

It should be pointed out, though, that Wood is no longer the independent security researcher that he was two days ago, since Starbucks has now brought him on as a security consultant, along with the standard nondisclosure agreement. Wood said it is, at this time, an unpaid role.

Stacy Johnson

It's not the usual blah, blah, blah

I know... every site you visit wants you to subscribe to their newsletter. But our news and advice is actually worth reading! For 25 years, I've been making people richer without making their eyes glaze over. You'll be glad you did. I guarantee it!

💰🗣📰

Read Next: 25 Ways to Spend Less on Food

Check Out Our Hottest Deals!

We're always adding new deals and coupons that'll save you big bucks. See the deals to the right and hundreds more in our Deals section.

Click here to explore 1,878 more deals!