Starbucks has acknowledged that a number of its customers have been scammed in this manner, although vehemently denies any wrongdoing. The world's largest coffeehouse insists that there has been no security breach from its end, and instead, believes that customers with weaker passwords have left themselves susceptible to intrusion.
According to consumer advocate and cyber-crime commentator Bob Sullivan, who first broke this story, Starbucks' 'auto-reload' feature is at least partially culpable in many cases, permitting thieves to steal hundreds of dollars from linked credit cards "in a matter of minutes."
As you may have gleaned, auto-reload is an optional function that automatically tops up an account once the balance hits zero, which is good if you're a regular Starbucks-goer and don't want the hassle of incessantly adding credit. But the catch here, is that once hacked, the auto-reload threshold can be increased, meaning a criminal can repeat the process but inject larger sums into the account from the linked payment method.
The simplicity of auto-reload means that hacked accounts can be stripped of a lot of money in a very short period, and as such, Sullivan recommends that all Starbucks customers immediately disable the feature.
As well as halting auto-reload, an alphanumeric password with plenty of symbols and capital letters is always advised no matter what one may be signing up to. Moreover, using the same pass-phrase on more than one occasion should also be avoided, since it means that if the code is cracked, only that account is at risk of being compromised.
So, if you are as partial to convenient passwords as you are a double espresso, ensure that your Starbucks password is secure and impossible for anybody else to guess. This concerted effort appears to have targeted Starbucks customers, but it could happen to any app or service dealing with your money, so go ahead and check out our round-up of 5 free password managers for iOS and Android to help you stay protected.