A vulnerability in Starbucks mobile app could be putting coffee drinkers information including their usernames, email addresses and passwords at risk. The problem stems from the way session.clslog, the Crashlytics log file, handles those credentials in the event of a crash. A Minneapolis-based security researcher and pen tester discovered the vulnerability last year, reported it to Starbucks in December but has yet to hear from the company regarding a fix. The vulnerability exists in the most recent build of the app, version 2.6.1 for iOS.
Source: https://threatpost.com/starbucks-app-stores-user-information-passwords-in-clear-text/103649/