After the whole incident that affected Target customers nationwide, consumers are now much more concerned about someone getting their hands on personal data. According to Engadget its unlikely culprit, but they have unveiled in an post that the Starbucks mobile-payment app is reportedly saving user data, including email addresses, passwords and even your GPS location in plain text.
Basically this means that anyone who has access to your phone and a computer can download your private data. The flaw with the app was actually confirmed to Computerworld by company executives. A security researcher Daniel Wood discovered the unencrypted information last year. He then re-tested an updated version the app, which Starbucks claims now includes “adequate security measures,” only to find that the same information is still easily accessible.
A log file also includes GPS coordinates that are captured every time you search for a nearby Starbucks store. Of course, the global caffeinator’s mobile application isn’t free of other weaknesses, too — payments are processed by scanning an on-screen barcode, which can be reproduced and used to drain your account by anyone close enough to photograph your phone.