Here’s a warning to those of you looking to rack up more stars: Starbucks iOS App doesn’t keep your account information encrypted, which could leave your password and other personal information at risk.
Computer World reports that the Starbucks app for iOS that many use to track their coffee purchases doesn’t use encryption when storing your login information. Every time you enter your Starbucks username and password, the app stores is in plain text. This means that any tech savvy thief who happens to plug your iPhone into a computer can easily retrieve your username and password. Until Starbucks updates its app to encrypt your information, someone can snatch your Starbucks username, password, and email address if they plug your iPhone into a computer and snoop around.
Thankfully, other information such as your credit card number associated with your Starbucks app are encrypted, meaning that the information is much safer. Any application or website that stores information – but especially personal information like usernames and passwords – in plain text is risking to your digital identity, and Starbucks is far from the only culprit. Tumblr recently fixed an issue where usernames and passwords were being transmitted from phones in plain text, and Subway’s California iOS app was also recently fixed for storing a bunch of personal information in plain text.
We’re pretty sure it will be only a matter of time before Starbucks updates its app and fixes this issue. For now though, keep a close eye on your Starbucks account in case you see anything suspicious going on. Applications need to often store personal information in a cache or other part of the phone to allow the app to run smoothly, but there’s no excuse beyond laziness when they refuse to encrypt our personal information.
And again, this could be worse. Unless your phone is physically taken from you, your information should be relatively safe. Be sure that your Starbucks password is different from all other passwords you use, as well.