Weak passwords allowing hackers to steal money from Starbucks app users
Users of the official Starbucks mobile app are being targeted by hackers, with connected PayPal, debit card and bank accounts being relieved of, in some cases, hundreds of dollars. Once an account has been infiltrated, the criminals create a gift card, load it up at the holder's expense, and transfer the funds to themselves as if they were sending a gift. To add insult to injury, those afflicted are also met with a deluge of automated emails, with messages running along the lines of "Your eGift Just Made Someone's Day."
Starbucks has acknowledged that a number of its customers have been scammed in this manner, although vehemently denies any wrongdoing. The world's largest coffeehouse insists that there has been no security breach from its end, and instead, believes that customers with weaker passwords have left themselves susceptible to intrusion.
According to consumer advocate and cyber-crime commentator Bob Sullivan, who first broke this story, Starbucks' 'auto-reload' feature is at least partially culpable in many cases, permitting thieves to steal hundreds of dollars from linked credit cards "in a matter of minutes."
As you may have gleaned, auto-reload is an optional function that automatically tops up an account once the balance hits zero, which is good if you're a regular Starbucks-goer and don't want the hassle of incessantly adding credit. But the catch here, is that once hacked, the auto-reload threshold can be increased, meaning a criminal can repeat the process but inject larger sums into the account from the linked payment method.
The simplicity of auto-reload means that hacked accounts can be stripped of a lot of money in a very short period, and as such, Sullivan recommends that all Starbucks customers immediately disable the feature.
As well as halting auto-reload, an alphanumeric password with plenty of symbols and capital letters is always advised no matter what one may be signing up to. Moreover, using the same pass-phrase on more than one occasion should also be avoided, since it means that if the code is cracked, only that account is at risk of being compromised.
So, if you are as partial to convenient passwords as you are a double espresso, ensure that your Starbucks password is secure and impossible for anybody else to guess. This concerted effort appears to have targeted Starbucks customers, but it could happen to any app or service dealing with your money, so go ahead and check out our round-up of 5 free password managers for iOS and Android to help you stay protected.