A recent security loophole has affected Starbuck’s customers thanks their mobile app. Read more on this story to learn how it happened and how to avoid it.
For some unlucky coffee lovers, it was not a great morning when they found that hackers were draining their bank accounts through Starbucks mobile app. Starbucks were not the prime target as many would think. The sneaky attack was aimed at users who were directly impacted by the latest Starbucks hacking incident.
Point of entry
It seems that the attacker had spotted vulnerability in Starbucks’ app that permits multiple attempts to guess the correct password.
Not only did user’s passwords become compromised, the attack exposed some users with the same ID and password for logging into other existing accounts. In theory, this could give an attacker the keys to access and “drain” your online banking accounts and other significant accounts where shopping transactions are permitted.
Considering that 18% of Starbucks’ total transactions are made via their app, its imperative for Starbucks to take corrective measures to handle this issue.
The dirty deed
It’s estimated that $2 billion dollars were made in transactions via mobile payments alone in 2014. Yet, it was incredibly easy for the hackers to carry out this hacking attack.
- The attackers managed to acquire stolen passwords and ID’s from “black-hat” sources.
- The attackers used a program to test out combinations of stolen ID and password on the Starbucks app until they successfully gain access into an account.
- These programs are believed to be sophisticated and efficient enough to process thousands of ID and password combinations every second.
- Once the attackers were able to access an account, they’d add a gift card to it.
- After adding the gift card, hackers would then typically transfer all the money from the user’s main account on the app to the gift card itself.
- The gift card is then managed entirely by the hackers who pocket all the funds.
The real danger lies on what other accounts the hacker may have access to once they’ve compromised an account through the Starbucks App. PayPal account or Credit Card details are also at risk as these can be linked to Starbucks accounts. All this can lead to unimaginable financial damage in both the short and long run.
The “Gift” card
Ever wondered what happens to the money transferred to the gift cards?
Hackers or thieves, whichever way you look at it, will sell or resell these gift cards for their face value. They sometimes fetch less on the internet, churning real dollars out of Starbucks dollars. It may be worth holding on to your real wallet for a little longer!
The whole Starbucks hacking ordeal was first reported by consumer journalist, Bob Sullivan. In fact CNN-Money was able to interview many who had experienced same scandals in the past. The interviews reveal Starbucks slacking on security procedures by not having enough secure authentication processes in place for transactions. For instance, transactions involving those who deposit money onto gift cards or initiate money transfers from bank accounts.
How to stay protected
If ever you’ve been a victim of such a scam, then we suggest you put in a complaint about it to Starbucks ASAP. They will most likely investigate the matter; however you may be prompted to take it up with you bank or PayPal.
Also be sure to update, cycle and change your passwords at your earliest convenience. If you suspect your account details were stolen, your old account credentials may have been sold under scheming “underground” trade sites that buy lists of user credentials.
Many customers have uninstalled the Starbuck’s app and have started to pay with cash or with credit/debit cards. We suggest you follow this advice too until tighter security measures are put in place.
For more ways to safeguard your personal data, contact your local IT professionals.
