It took a public shaming, but Starbucks has finally updated its iOS application in an attempt to address security concerns published online earlier this week, despite ignoring previous correspondence from a security expect.
Previous to the update, the iOS application used plaintext usernames and passwords, giving “hackers” the ability to sniff out your account details and access your information.
In a blog post update, published on the official Starbucks blog, Starbucks wrote the following:
As promised, we have released an updated version of Starbucks Mobile App for iOS which adds extra layers of protection. We encourage customers to download the update as an additional safeguard measure.
Why these companies refuse to take action until someone publishes the information online is beyond anything I can comprehend. If customer security is “incredibly important” like the company says it is in the blog post, customers shouldn’t have to hear about this kind of thing from a third party researcher.
Of course, you’ll hear the old “we’re working on it” excuse, but what’s hilarious is that once a public shaming occurs the update happens almost immediately.