Starbucks has corrected serious defects that could allow an attacker to steal users' credit cards.
Mohamed M. Fouad, an Information Security Consultant from SecureMisr, discovered a serious security flaw in Starbucks that could allow an attacker to steal users' credit cards and could allow remote code execution.
"I discovered many critical security gaps in Starbucks, which could lead to very harmful effects for all users, allowing malicious attackers to change user passwords, add alternate email addresses or change their store profiles, and steal their saved credit cards. They can also execute phishing attacks on users and allow remote code execution on Starbucks servers," the Egyptian researcher said in a blog post.
According to the researcher, a Remote File Inclusion vulnerability occurs when a file from any location can be injected into the target page and included as source code to be parsed and executed. It can lead to:
- Running code on the web server.
- Data theft / phishing manipulation in order to steal user accounts that contain credit cards and information for payment orders.
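
On the defensive side, a remote inclusion attempt usually shows up in web access logs as a request parameter whose value is itself a remote URL. The following detection sketch is an added example, not code from the researcher or from Starbucks; the log format, parameter names, hosts and sample lines are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# A value that starts with a remote scheme (or //host) points outside the local file tree.
REMOTE_VALUE = re.compile(r'^\s*(?:(?:https?|ftps?)://|//)', re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def remote_include_params(log_line, url_params_allowed=frozenset(), max_decode=3):
    """Return [(param, decoded_value)] for query parameters holding a remote URL.

    url_params_allowed names parameters that legitimately carry URLs
    (for example a post-login return address) and are skipped.
    """
    m = REQUEST.search(log_line)
    if not m:
        return []
    hits = []
    for name, value in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        if name in url_params_allowed:
            continue
        # parse_qsl decoded once; decode again to catch double-encoded values.
        for _ in range(max_decode):
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
        if REMOTE_VALUE.match(value):
            hits.append((name, value))
    return hits

def scan(lines, url_params_allowed=frozenset()):
    """Return [(line_index, param, value)] for every candidate line to triage."""
    return [(i, p, v) for i, line in enumerate(lines)
            for p, v in remote_include_params(line, url_params_allowed)]

# Constructed sample log lines (documentation IP ranges and example hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=about.php HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?page=http://files.example.net/x.txt HTTP/1.1" 200 87',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?page=%2568ttp%253A%252F%252Ffiles.example.net%252Fx.txt HTTP/1.1" 200 87',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /login?next=https://shop.example.com/cart HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for idx, param, value in scan(SAMPLE_LOG, url_params_allowed={"next"}):
        print(f"line {idx}: parameter {param!r} carries remote URL {value!r}")
```

A hit is a candidate for triage rather than proof of compromise; the lasting fix is for the application to resolve include targets from a fixed allowlist of local files instead of from request input.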
The researcher began his research a year ago, when there was a zero-day in the Starbucks iOS mobile application and a "Dangerous Data Storage" vulnerability was detected.
While he was looking for hacking news about Starbucks, he found another vulnerability two months ago that allowed attackers to steal Starbucks gift cards from users and to double the amounts on Starbucks gift cards.
Still, Starbucks says it has corrected the vulnerabilities.