One misstep from developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users. The severity rating of the vulnerability was set to critical as the key allowed access to a Starbucks JumpCloud API.
Source: Bleeping Computer