Hackers have found a way to access the accounts of some U.S. and Canadian Starbucks customers who use a Starbucks card or the Starbucks mobile application. It appears they are targeting customers who use weak passwords to protect their accounts. Once the account has been hacked, the fraudsters change the email address and password and transfer funds to another account. The hackers are also looking for customer accounts that have the auto-refill function attached to their account, allowing the Starbucks card to be reloaded with money that is charged to a credit card on file.
Once the hackers have changed the account access, they load up physical Starbucks gift cards, as well as digital ones, using the customers’ account loading function. They then monetize the cards by selling them on the black market for a fraction of their value.
Starbucks officials are insisting that the attacks do not center on their mobile application. Spokeswoman Maggie Jantzen is quoted as telling investigative reporter Bob Sullivan:
What you’re describing is not connected to mobile payment – linking the two is inaccurate. We take the obligation to protect customers’ information seriously and have safeguards in place to constantly monitor for fraudulent activity, working closely with financial institutions like all major retailers. For obvious reasons, we are unable to discuss specific security measures. Our customers’ security is incredibly important to us and we take all these concerns seriously.
Some things you can do to help protect yourself against hacker attacks to your Starbucks account:
- Change your username/password
- Use different username/password for different online accounts
- Use a strong password – click here for more information on setting passwords
- Check your account regularly for irregular activity, in particular during off hours since hackers will often attack when Starbucks customer service offices are closed.
- Be aware that if you are a victim of fraud on your Starbucks account, you will not be responsible for the charges.
Many people like the convenience of mobile payment applications, like the ones offered by Starbucks, and even though there may not yet be a conclusive link between this hack and the mobile application, consumers should still be aware that this type of payment convenience could carry some security risks.
Outdated, unused electronic data containing devices can also pose security risks if not handled properly. One misplaced or missing hard drive could be considered a data breach and could result in fines. Our mission is to serve companies by responsibly and securely destroying the data on their data containing devices. If necessary, we can even provide certificates of data destruction for a small fee while responsibly recycling all your unwanted electronics. Contact us today for more information on our data destruction services or to schedule a pick up of your electronic waste for recycling.