Hackers Figure a Way into Starbucks App

Credit card hackers are targeting Starbucks gift card and mobile payment users and easily stealing from customers’ credit cards.

The Starbucks app is making it easy for hackers to siphon money from customers’ credit cards as well as bank and PayPal accounts. The app is hugely popular, with roughly 16 million users, and it allows customers to link their bank accounts and credit cards to their Starbucks account. It can also reload gift cards by drawing funds from these very accounts.

An expensive latte

Hackers are using Starbucks accounts to access consumers’ linked credit cards. By seizing on the auto-reload option, a vulnerability, they can steal hundreds of dollars in a matter of minutes. It’s an ingenious scam because the crime is, in essence, so simple. The hackers then sell these gift cards on the black market.

Starbucks mobile payments are hugely significant in the big picture. Last year alone, Starbucks said that consumers loaded some $4 billion into gift cards. The coffee giant also said more than 16 percent of all mobile transactions were mobile based.

Maria Nistri, 48, was a victim of the hack last week. Criminals stole the $34.77 gift card value from her Starbucks app, then another $25 because of the auto-reload feature. They then changed the auto-reload amount to $75 and made away with that amount too. All of this happened within seven minutes.

“I don’t know why Starbucks would recommend people do auto-reload when this crime is so easy,” she said.

Here are some safeguards that’ll help keep account details from getting compromised:

  • Activate all security software settings on any device with apps
  • Ensure banking information is locked and not accessible
  • At the first sign of suspicious activity, deactivate those apps and accounts immediately

“Because Starbucks isn’t answering specific questions about the fraud, I cannot confirm precisely how it works, but I have informed speculation, based on conversations with an anonymous source who is familiar with the crime. The source said Starbucks was known to be wrestling with the problem earlier this year. Essentially, any criminal who obtains username and password credentials to Starbucks.com can drain a consumer’s stored value, and attack their linked credit card,” says Bob Sullivan, a security blogger.

“I recommend all Starbucks consumers immediately disable auto-reload on the Starbucks mobile payments and gift cards,” Sullivan said.

Starbucks denies that its mobile app has been hacked, stressing the importance of account security. In a statement, it said:

“Like all major retailers, the company has safeguards in place to constantly monitor for fraudulent activity and works closely with financial institutions. To protect the integrity of these security measures, Starbucks will not disclose specific details but can assure customers their security is incredibly important and all concerns related to customer security are taken seriously.”

If you haven’t done it already, change your Starbucks account password to a stronger one. Immediately.