Starbucks iOS app stores username, password in clear text

Starbucks app, which let users to pay for food and drinks using their smartphone, could be putting user's personal information including usernames, passwords at risk.

A Security researcher has discovered the lack of security in the iOS app.  He found that the app is storing the username, email address and password in unencrypted format.

It means an attacker who got access to a phone(let's say a stolen phone) is able to extract the data from the phone.  The extracted data can be used for logging into the Startbucks.

"To prevent sensitive user data (credentials) from being recovered by a malicious user, output sanitization should be  conducted to prevent these data elements from being stored in the crashlytics log files in clear-text, if at all." researcher said.

Share this with Your friends: