It was recently reported that the Starbucks app, a very popular mobile application for payment at Starbucks coffee shops, saved customers' usernames, passwords and other personal information in plain text.
That means that a hacker could have picked up a left-behind phone, plugged it into a laptop and easily recovered a Starbucks customer's password without even knowing the smartphone's PIN code.
While Starbucks announced that they fixed the vulnerability, this incident reminds us again how shaky passwords are. Suppose an attacker got access to a user's Starbucks password. That would probably be painful for the user, who may have his credit card and personal data exposed. But could it also be a threat to his organization?
Well, this could potentially be the case, as people tend to use the same passwords across websites and services. Your users keep on using bad passwords, as SplashData's annual report just revealed: while "Password" is no longer the No. 1 most used password across the web, it was just replaced by "123456", which is arguably as bad if not worse. This makes us wonder whether employees also reuse the same easy-to-guess passwords for their corporate accounts.
Will you be able to tell if events like an employee sitting at a Starbucks cafe, forgetting his cell phone on the table and having a street hacker tap into his Starbucks app also put your organization at risk? Can you easily tell when users' credentials are compromised in events like these, which take place on a daily basis?