Starbucks updates app to avoid 'potential risk'
After security security experts said Starbucks' mobile payment app makes it easy for hackers to access customers' geological data and password information, the coffee chain updated its app with extra layers of protection with "additional performance enhancements and safeguards."
According to reports, the previous app version could allow them to make unauthorized purchases on the card.
In a statement sent to CNBC on Thursday MIlls said "we have released an updated version of Starbucks Mobile App for iOS which adds extra layers of protection."
This is an update to our original story. Here is an earlier version of the article before Starbucks updated the app:
Computerworld first reported the security hole Wednesday morning, citing security researcher Daniel Wood.
"There are multiple instances of the storage of clear-text credentials that can be recovered and leveraged for unauthorized usage of a user's account on the malicious user's own device or online at https://www.starbucks.com/account/signin," Wood said in a research note.
Starbucks said that though the report is "technically accurate ... unauthorized access to this information is safeguarded."
"Our customers' security is of the utmost importance to us, and we actively monitor for risks and vulnerabilities. While we are aware of this report, there is no known impact to our customers," said Starbucks spokesperson Linda Mills.
"To further mitigate our customers' potential risk from these theoretical vulnerabilities," she added, "Starbucks has taken additional steps to safeguard any sensitive information that might have been transmitted in this way."
Updated January 17, 2014