CATEGORIES
home News

Starbucks and Neiman Marcus Also Hacked During The Holidays, When Will We Take Security Seriously?

by Rob WilliamsSaturday, January 18, 2014, 02:20 PM EDT

Over the holidays, popular retailer Target admitted that it had been breached, with data of up to 40 million customers stolen. Weeks later, that number skyrocketed to 110 million. As we can now see, while it was Target that dominated the security headlines this past month, two other incidents seemingly flew under the radar, involving Starbucks and Neiman Marcus.

Between these two incidents, I can't even decide which one is worse - both companies involved should be hugely embarrassed. On the Neiman Marcus side, its servers had been compromised as far back as last July, with the company finally noticing the issue in December. That's right - it took a full five months for the company to recognize this gaping hole. The worst of it is, credit card numbers had been taken and used; this isn't one of those stories where we're talking about what could have happened.

Because of this breach, Neiman Marcus is required to answer 10 sets of questions from Florida's Attorney General Pam Bondi, after which we should learn more about what lacking security measures allowed such a breach to take place. While credit card numbers were apparently lifted over the time the systems were compromised, the company says that birth dates and social security numbers should be safe.

It doesn't seem that Starbucks' flaw led to customer data being compromised, but the issue is no less embarrassing. In effect, due to a flaw in its iOS app, Starbucks stored customer login information in plain text. Something like this wouldn't have been too surprising to learn of more than ten years ago, but in an age where even MD5 hashing is considered not enough, it's outright ridiculous.

Here's what's appalling: Starbucks just issued the update to correct this problem - a problem that we now find out it knew about since last May. Seriously. Starbucks might just be a coffee shop, but if a customer had cash in their account, anyone who gained access to this plain-text password could have enjoyed a Venti triple-shot Caramel Macchiato on their dime.

As I mentioned above, both of these incidents are mind-boggling, and the fact that they were allowed to happen shows the absolute disregard both companies have for their customer's security. For it to take five months for a breach to be discovered is ridiculous, and for a company to take more than half a year to patch a known issue might be just as ridiculous.

Across Target, Neiman Marcus, and Starbucks, that's three fatal flaws discovered in just the past month. When on earth are companies going to begin taking their customer security seriously? It's somewhat understandable if a breach occurs when good security measures are in place, but as evidenced by Neiman Marcus and Starbucks, ineptitude was the reason here, and that's inexcusable.

Tags:  security, Privacy, Enterprise, (NASDAQ: SBUX), NMG: US, NYSE: TGT
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment