Starbucks Releases Security Fix for Payment App

What's Hot

Do This or Your iPhone Bill May SkyrocketSave

23 Upgrades Under $50 to Make Your House Look AwesomeAround The House

Trump Worth $10 Billion Less Than If He’d Simply Invested in Index FundsBusiness

11 Places in the World Where You Can Afford to Retire in StyleMore

What You Need to Know for 2017 Obamacare EnrollmentFamily

8 Things Rich People Buy That Make Them Look DumbAround The House

32 of the Highest-Paid American SpeakersMake

Amazon Prime No Longer Pledges Free 2-Day Shipping on All ItemsMore

More Caffeine Means Less Dementia for WomenFamily

9 Tips to Ensure You’ll Have Enough to RetireFamily

30 Awesome Things to Do in RetirementCollege

5 Spots Where Retirees Can Live for Less Than $40,000Real Estate

10 Ways to Reduce Your Homeowner’s Insurance RatesFamily

10 Ways to Pull Together the Down Payment for a HomeCredit & Debt

Chew on This: The Story Behind Your Hershey’s Halloween TreatsBusiness

In exchange for convenience, an earlier version of the app made an iPhone owner's Starbucks account information easily available to anyone who stole the phone.

Rest easy, Starbucks iOS mobile payment users: Download the company’s new app and your password and confidential account information will be safe.

Starbucks spokesperson Maggie Jantzen wrote in response to our earlier story about the security concerns that arose about the app. Jantzen tells us the company fixed the app, which previously had stored user names, passwords, GPS locations and other confidential customer information in an insecure clear text format.

Customers are urged to download the updated app for what Jantzen says is an “extra layer of protection.”

In addition, Jantzen directed us to an official Starbucks statement by the company’s chief information officer, Curt Garner, which says, in part:

1. We have no indication that any customer has been impacted by this or that any information has been compromised

2. Last week we added safeguards to protect against the theoretical vulnerabilities raised by [security researcher] Daniel Wood.

3. [We] released an update for the app that will add extra layers of protection, and are encouraging customers to download it as an additional safeguard.

The previous version of the app would allow anyone to plug the phone into a computer for just a few seconds and access sensitive information about the account holder and his or her location history, reports NBC News. The app would also have allowed unauthorized users to make purchases.

Wood, who originally uncovered the security misstep, tells Computerworld that the issues are resolved.

Computerworld also says:

It should be pointed out, though, that Wood is no longer the independent security researcher that he was two days ago, since Starbucks has now brought him on as a security consultant, along with the standard nondisclosure agreement. Wood said it is, at this time, an unpaid role.

Stacy Johnson

It's not the usual blah, blah, blah

I know... every site you visit wants you to subscribe to their newsletter. But our news and advice is actually worth reading! For 25 years, I've been making people richer without making their eyes glaze over. You'll be glad you did. I guarantee it!


Read Next: 7 Ways to Save More at Big Lots

Check Out Our Hottest Deals!

We're always adding new deals and coupons that'll save you big bucks. See the deals to the right and hundreds more in our Deals section.

Click here to explore 1,707 more deals!