CNNMoney reports that thieves have been exploiting the Starbucks mobile app and using people’s weak passwords to gain access to their bank accounts via the app and drain all their money.
Starbucks admitted yesterday that they were aware of the issue of criminals breaking into people’s Starbucks rewards accounts via the app, which can be used to pay for your coffee and other goods at the checkout.
The app has the facility to reload Starbucks gift cards with an automatic withdrawal of funds from a user’s bank account, credit card, or PayPal account.
Criminals are taking advantage of this to hack into a person’s online Starbucks account, add a new gift card, siphon the money over, and keep repeating every time the card reloads until they’ve stolen all the hapless person’s money.
Consumer journalist Bob Sullivan was the first to report on the issue. CNNMoney says that it has interviewed several Starbucks customers who have all lost money in this way. “Now, I just pay with my credit card or cash,” said one customer Jean Obando. “I can’t trust Starbucks with my payment information anymore.”
Starbucks told CNNMoney that the company had not been hacked, and had not lost any customer data, and that the problem was caused by customers having weak passwords. Starbucks has promised to reimburse the customers affected, but will not say as yet if it is also making efforts to add new security measures to the service.
Source: Hackers are draining bank accounts via the Starbucks app - May. 13 2015