Starbucks Gets Mad At Security Researcher Who Exposed Vulnerability
In a case of “don’t shoot the messenger,” a security researcher is under fire from Starbucks because he found a vulnerability and brought it to their attention. Here’s what the BBC had to say on this:
Egor Homakov found a flaw that let him duplicate funds on a gift card, which he spent in a store to test his theory.
He told Starbucks so they could fix the flaw, but said that the company had then called his actions “malicious”.
“The unpleasant part is a guy from Starbucks calling me with nothing like “thanks” but mentioning “fraud” and “malicious actions” instead,” he wrote.
Now keep in mind that Starbucks and IT security have been mutually exclusive terms for a while now, seeing as their iOS app had to be fixed because of the way that passwords were stored on it. But this only happened after their handling of the issue turned into a bit of a gong show. And more recently, users were having their accounts drained and Starbucks blamed the users for their own misfortunes. So the fact that Starbucks basically shot the messenger when it comes to this latest issue doesn’t surprise me. If I were Starbucks, I’d want people like Mr. Homakov to come forward and point out flaws like this. That way I could make the customer experience better by having a more secure environment. But clearly Starbucks doesn’t feel that way. That’s very disappointing.
Starbucks really needs to change their thinking when it comes to the security of their payment systems. If they don’t, they will find that people will continue to find holes, and not all of them will be as altruistic as Mr. Homakov. That will ultimately drive people away from buying coffee at Starbucks, because its systems aren’t secure and everyone will know about it.
So how about it, Starbucks?
This entry was posted on May 25, 2015 at 10:09 am and is filed under Commentary with tags Hacked, Starbucks.