Hackers using Starbucks app to drain bank accounts, credit cards and PayPal accounts
Hackers are stealing money from the credit cards, bank and PayPal accounts of Starbucks customers by hacking into their Starbucks mobile apps.
The Starbucks app allows customers to make purchases at Starbucks with their phones, check their Starbucks Card balances, transfer funds to their Starbucks Cards and transfer funds between cards, according the app’s description on iTunes.
Hackers have discovered that apps such as these that store consumers’ credit card numbers and other personal information are easier to steal money from than financial institutions. They can drain money from the Starbucks app by siphoning off funds from Starbucks Cards, transferring funds to Starbucks Cards or creating new Starbucks Cards, and repeating the process. By enabling the app’s auto-reload function to drain funds, hackers can steal hundreds of dollars in a matter of minutes.
The story was first reported by consumer journalist Bob Sullivan.
Starbucks told CNN Money that the company does not believe its app was hacked and said that the incidents are more likely due to weak passwords. Starbucks suggests that its customers use unique passwords to prevent hackers from hacking into the app.
However, enabling two-step authentication — a common feature which the Starbucks app lacks that sends a text message to your phone whenever you sign in from an unfamiliar device — would have better protected Starbucks customers.
Starbucks has yet to decide whether it will add new security measures such as two-step authentication to its system. In the meantime, customers can protect themselves by creating strong passwords and by not saving their financial information in their Starbucks app accounts.