Security flaw found in Starbucks iOS digital wallet app

Popular US-based coffee vending giant Starbucks has discovered a big security flaw in its iOS digital wallet application. Daniel Wood, the security researcher discovered the flaw in question back in November 2013 when the app’s deconstruction revealed that the data of users was being kept unencrypted in the application.


This means that any thief or hacker could easily connect the phone to a computer and extract user names and passwords, in addition to building up a picture of the user’s movements and routine. Wood first attempted to warn the coffee giant Starbucks in November 2013, but was repeatedly put on hold and then decided to publish his findings online.

Reports are saying that the company was not very shocked at the latest news. Adam Brotman, the company’s chief digital officer said, “We were aware… That was not something that was news to us.” Brotman went on to say that they have put security measures in place in order to alleviate the problem, but he did not reveal what those measures are exactly.

Later on, Wood re-ran the tests after the remarks from Brotman were announced and found that he could still access the data in plain text, along with the geolocation file.

Photo Credits: Odysseyinc

To Top