If you are addicted of Starbucks coffee and using its official iOS app, so attention-your information being stored is vulnerable to hackers easily.
Every information you are entering into the Starbucks app is vulnerable which also includes your payment information, passwords too, well your information could be used for any unauthorized purchases on the card.
This loop hole was discovered by a security researcher named “Daniel E. Wood” (CVE-2014-0647) in STARTBUCKS v2.6.1. iOS mobile application and the flaw also able to expose your GPS Location also.
All the information was being stored in plain text format without any encryption.
To Expose your information, attacker just need to go below:
/Library/Caches/com.crashlytics.data/com.starbucks.mystarbucks/session.clslog
After the revelation of this security flaw, Starbucks comes in action and accepted some technical flaws and replied:
We’d like to be clear: there is no indication that any customer has been impacted by this or that any information has been compromised. Regardless, we take these types of concerns seriously and have added several safeguards to protect the information you share with us.
After the statement, an updated version of their app was released, so if you are using Starbucks app-please update your app NOW.
