Starbucks said late Thursday it has rolled out an updated iOS mobile app after a security expert found a critical flaw that potentially exposed customer data to computer-savvy phone thieves.
Cybersecurity researcher Daniel Wood disclosed this week that Starbucks’ digital wallet app for the iPhone didn’t encrypt critical customer data — including email and password. That made it vulnerable to a hacker who physically gets ahold of someone’s iPhone.
Starbucks chief information officer Curt Garner, in a letter to customers posted on the company’s website early Thursday, acknowledged that Wood’s report highlighted “theoretical vulnerabilities.”
He added that an update was being deployed out of “an abundance of caution” to add extra layers of protection to changes the company had already made to protect the data.
- WWU cancels classes Tuesday after racial threats on social media
- Seahawks re-sign Bryce Brown in Marshawn Lynch’s absence
- Teen, one of 14 siblings, finally gets to be a kid
- Report: Seahawks’ Marshawn Lynch has surgery Wednesday, could be back by late December
- Like Marshawn Lynch, Seahawks’ Thomas Rawls craves contact
Most Read Stories
Starbucks won’t elaborate on those changes for security reasons.
Late Thursday a spokesman confirmed the updated app was live.
Wood, the cybersecurity expert, had said that the previous version of the app could potentially expose credit card data as the information logged in clear text contained a field for a credit card number. Starbucks says that credit card information has always been encrypted.
The company has said that the Android app doesn’t have the flaw.
Garner wrote that there’s no indication that anyone’s data has been compromised. He added that Starbucks customers who think their information may have been compromised to contact the company at 800-23-LATTE or www.starbucks.com/customer.
The flaw, which Starbucks says affected only the iOS application, comes in the midst of rising worries about retailers’ ability to safely handle customer data, including credit-card information. During the holiday season Target and Neiman Marcus suffered major cyberheists.
For Starbucks, data safety is critical, especially as an increasing number of customers rely on their smartphones to store their loyalty cards. Some 11 percent of U.S. transactions in the quarter ended in September were made using the mobile app.
Ángel González: 206-464-2250 or firstname.lastname@example.org.