Starbucks' app is the most used mobile payment app in the U.S. because it's well-designed and convenient. But if you use the iOS version on your iPhone, your username, email address, password and location data could be compromised because the app stores them in plain text.
Starbucks has finally addressed this issue in a new update to the iOS versions of its app, so make sure to update as soon as possible. You can read more about the update on the Starbucks blog.
Security researcher Daniel Wood uncovered the flaw earlier this week. The good news is that someone would need physical access to your phone to get a hold of your data. The bad news is that once they have the phone in hand, it's really easy to do, even if your phone is locked with a passcode.
Starbucks has confirmed Wood's findings, but says that customers have little to worry about. They've known about the issue for a while and claim to have "adequate security measures in place now," but a subsequent test of the updated version found the same vulnerability.
So, what can you do to protect yourself until the app is fixed? The best thing you can do is keep your phone with you at all times. It's also a good idea to remove any credit or debit cards you have linked to the app to reload it.
More importantly, make sure your Starbucks account doesn't share a username and password with any of your other accounts. On the off-chance a thief grabs your phone, you don't want to give them access to your email and bank accounts, too.
If you want to make sure you're totally 100% safe, uninstall the app and go back to using a physical card or just good old-fashioned cash for the time being. It may not be as convenient, but it sure beats worrying about one more way to have your shit stolen.