Customers should ensure the mobile apps they get from companies like Wal-Mart or Starbucks are secure. In fact, a recent investigation showed Starbucks's app left data about customer usernames and passwords in plain text, . And Wal-Mart's app exposed passwords, email addresses and geolocation details for anyone to read if they knew how to hack the application. The information on the app was completely unencrypted, and anyone logging into public Wi-Fi was at risk for being hacked, .
Among other security holes in the Wal-Mart app, the program included an extensive list of products that have been scanned by the device, so hackers would know what customers recently looked at and purchased.
Additionally, it allowed hackers to access Wal-Mart's development server password, which has since been deactivated. The username was "Mobile," and the password was "1111." The developer credentials were "[email protected]," and the password was "password."
Computerworld notes Wal-Mart's cyber-defense gaps could be due to a lack of security testing. In other words, companies like Wal-Mart and Starbucks (as well as many others with easily hacked apps) do not hire people to try to hack their devices in order to find bugs and glitches before releasing them for public use. In fact, Wal-Mart seems to have been using scripted programs to simulate hacking attempts, according to Computerworld.
Wal-Mart since corrected many of the problems in updates to its software.
Starbucks Was Another Company With an Unsecured App
It would seem Starbucks might have been running into the same issue with a lack of proper testing. PCMag reported Starbucks's app stored names, email addresses and passwords in clear text. Hackers could access the information by plugging a smartphone with the Starbucks app into a PC and looking at the files on the app.
Starbucks maintains its systems were not breached by any known users of the application. Additionally, the company said it found a way to fix the problem, although it hasn't explained which method it used.
"While we are aware of this report, there is no known impact to our customers," a Starbucks spokesperson said in a statement. "To further mitigate our customers' potential risk from these theoretical vulnerabilities, Starbucks has taken additional steps to safeguard any sensitive information that might have been transmitted in this way."
Starbucks since released an updated version of the mobile app for iOS, which includes password protection and other security measures.