Watch out, coffee drinkers. Someone might be able to buy a latte on your dime.
According to a Computerworld report on Tuesday, the Starbucks iPhone app has been storing usernames, email addresses, and passwords in plain text. That means that if you connected someone’s phone to a computer, you’d be able to see that information.
Daniel Wood, who initially found the issue, told The Verge that Starbucks hasn’t done much to fix anything, and hasn’t updated its app since May. “Anything they have done on their end won’t matter as the vulnerability lies within the application on end user devices,” he said.
UPDATE: In a statement today, Starbucks said that it will indeed update its app to close this security hole. The company insists, however, that nobody has been specifically affected by the issue. The app update will be ready “soon,” according to the statement.