Starbucks to roll out fix for weakness in iPhone app

Jan 17, 2014 by Angel Gonzalez

Starbucks Corp. said it will soon roll out an update for its iOS mobile application, which a security expert says had a critical flaw that potentially exposed customer data to computer-savvy phone thieves.

Cyber-security researcher Daniel Wood disclosed this week that Starbucks' digital wallet for the iPhone doesn't encrypt critical customer data - including email, password and . That makes it vulnerable to a hacker or thief who physically takes someone's iPhone. Starbucks chief information officer Curt Garner, in a letter to customers posted on the company's website Thursday, acknowledged that Wood's report highlighted "theoretical vulnerabilities."

Starbucks maintains that it had already added new barriers to protect the data, though it won't elaborate for security reasons. The update to the app, Garner wrote, is being readied out of an "abundance of caution" to add extra layers of protection. "We expect this update to be ready soon," he wrote.

The company has said that the app for Google's Android mobile operating system doesn't have the flaw.

Garner wrote that there's no indication that anyone's data has been compromised. He added that Starbucks customers who think their information may have been compromised should contact the company at 1-800-23-LATTE or http://www..com/customer.

The flaw comes in the midst of rising worries about retailers' ability to safely handle , including credit card information. During the holiday season Target and Neiman Marcus suffered major cyber-heists.

For Starbucks, data safety is critical, especially as an increasing number of customers rely on their smartphones to store their loyalty cards. Some 11 percent of U.S. transactions in the quarter ended in September were made using the mobile app.

Explore further: Neiman Marcus is latest victim of security breach

not rated yet
add to favorites email to friend print save as pdf

Related Stories

Neiman Marcus is latest victim of security breach

Jan 12, 2014

Luxury merchant Neiman Marcus confirmed Saturday that thieves stole some of its customers' payment card information and made unauthorized charges over the holiday season, becoming the second retailer in recent ...

Pay for a latte by mobile at Starbucks

Jan 19, 2011

US coffee chain Starbucks on Wednesday began allowing customers in its US stores to keep their cash and credit cards in their wallets and pay for their drinks with mobile phones.

Starbucks teams with Square for mobile payments

Aug 08, 2012

Starbucks is pouring $25 million into electronic payments start-up Square in a partnership that expands mobile payment options at the coffee chain, the companies announced Wednesday.

Recommended for you

Enabling dynamic prioritization of data in the cloud

Apr 14, 2014

IBM inventors have patented a cloud computing invention that can improve quality of service for clients by enabling data to be dynamically modified, prioritized and shared across a cloud environment.

Uber meets local lookalikes in Asia taxi-app wars

Apr 14, 2014

Riding on its startup success and flush with fresh capital, taxi-hailing smartphone app Uber is making a big push into Asia. There's a twist, though: Instead of being the game-changing phenomena it was in ...

User comments : 0

More news stories

Quantenna promises 10-gigabit Wi-Fi by next year

(Phys.org) —Quantenna Communications has announced that it has plans for releasing a chipset that will be capable of delivering 10Gbps WiFi to/from routers, bridges and computers by sometime next year. ...

Unlocking secrets of new solar material

(Phys.org) —A new solar material that has the same crystal structure as a mineral first found in the Ural Mountains in 1839 is shooting up the efficiency charts faster than almost anything researchers have ...

Floating nuclear plants could ride out tsunamis

When an earthquake and tsunami struck the Fukushima Daiichi nuclear plant complex in 2011, neither the quake nor the inundation caused the ensuing contamination. Rather, it was the aftereffects—specifically, ...

New US-Spanish firm says targets rich mobile ad market

Spanish telecoms firm Telefonica and US investment giant Blackstone launched a mobile telephone advertising venture on Wednesday, challenging internet giants such as Google and Facebook in a multi-billion-dollar ...