The popular app allows Starbucks customers to purchase drinks and food directly from their smartphones. It saves usernames, passwords and other personal information in plain text.
That means a hacker could pick up a left-behind phone, plug it into a laptop and easily recover a Starbucks customer’s password without even knowing the smartphone’s pin code.
Starbucks officials acknowledge the vulnerability, but say at this point no customers have reported being hacked.
Officials say about 10 million people use the Starbucks app.