The company on Thursday released an update for its iPhone mobile payment app that adds extra "layers of security" meant to better protect customer information from intruders.
Earlier this week, Starbucks felt some heat from the public sector when an independent security researcher named Daniel Wood uncovered a security vulnerability in the coffee chain’s mobile payment application. According to Wood’s research, which was published to the web on Tuesday, the app failed to adequately protect sensitive customer information, including usernames, passwords, email addresses, and locations. Wood was able to use the Starbucks app to recover private information in less than 30 minutes, and theorized that the method could be used by phone thieves looking to take advantage of a Starbucks app linked to a credit or debit card account.
Supposedly, Wood initially discovered the security oversight back in November, reaching out to Starbucks in an attempt to encourage a security overhaul. However, despite Wood’s warnings – and despite prominent news headlines about major chain stores like Target exposing customer information – Starbucks opted to leave the problem uncorrected. When asked about the problem recently, the coffee company stated that it had fixed the app and corrected the problem. However, Wood found that this statement was false, an instance of corporate dishonesty that encouraged him to finally go public about the security flaw.
With the public made aware of the flawed mobile application, Starbucks had little choice but to respond and finally fix the problem. According to a report from the LA Times, the company on Thursday released an update for its iPhone mobile payment app that adds extra “layers of security” meant to better protect customer information from intruders. Starbucks declined to comment on the finer technical details of the app, wanting to keep the secrets of the program away from potential hackers and other cyber intruders. However, the company did express hope that Wood would test the app and issue an “all clear” statement regarding the security questions he raised earlier in the week.
Wood has not yet said yea or nay on the Starbucks application update. However, it’s unlikely that Starbucks would risk releasing a sub-par program at this point. The coffee chain is in the national limelight, with fear over cyber attacks and identity theft running high in the wake of the Target hack disaster. While Starbucks stated that it didn’t believe any of its customers had been compromised as a result of the weaknesses in its payment app, the potential was certainly there.
According to Wood’s research, the old version of the Starbucks app stored customer data through a piece of software called Crashlytics. Crashlytics logs information in order to assist with correcting unforeseen program errors. Generally, companies that use Crashlytics in their software don’t allow the program to log sensitive information. Starbucks, however, took no such precaution, meaning that a phone thief could potentially use the Starbucks app to uncover passwords. Then, since many people use the same two or three passwords for all of their accounts, the intruder could theoretically break into every other app on the phone, from email and social accounts to mobile banking apps.