Starbucks has just confirmed that quite a few customers using the coffee chain’s smartphone app have had hundreds of dollars stolen from their accounts through customer rewards. It might not have been alarming had the theft been limited to a pre-paid account worth a few bucks, but it’s much more than that.
Apparently, this has been going on for a few months now, but the scale of the activity has only just come to the surface, as CNN reports that Starbucks has “acknowledged that criminals have been breaking into individual customer rewards accounts.” The thing with the Starbucks app is that while it lets you pay at the checkout counter with your phone using the app – and just recently Apple Pay – it can also reload Starbucks gift cards by automatically drawing the amount from your credit card, bank account or PayPal.
This is literally a gold mine for thieves, who have been breaking into users’ Starbucks accounts online, adding gift cards and then transferring the funds over. Of course, with the funds transferred, the gift cards were reloaded automatically, and so the ill-intentioned individuals simply repeated the process. One user got notified by PayPal that his Starbucks account had been automatically reloaded with $50, followed by an email from Starbucks that started out as “Your eGift Just Made Someone’s Day.” The user then received ten more similar notifications and emails, so you see where this is going, right?
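The reload-then-transfer loop described above leaves a recognizable trail in account activity. As an added example (not from Starbucks or the original article), the Python below counts auto-reloads that are followed within minutes by an outgoing eGift and flags accounts where the pattern repeats; the event names, fields, time window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, account, event type, amount in USD).
# Event names and fields are hypothetical, not Starbucks' real schema.
EVENTS = [
    ("2015-05-12T09:00:00", "acct-A", "auto_reload", 50),
    ("2015-05-12T09:01:10", "acct-A", "egift_sent", 50),
    ("2015-05-12T09:02:00", "acct-A", "auto_reload", 50),
    ("2015-05-12T09:03:05", "acct-A", "egift_sent", 50),
    ("2015-05-12T09:04:00", "acct-A", "auto_reload", 50),
    ("2015-05-12T09:05:20", "acct-A", "egift_sent", 50),
    ("2015-05-12T09:06:00", "acct-A", "auto_reload", 50),
    ("2015-05-12T09:07:15", "acct-A", "egift_sent", 50),
    ("2015-05-10T08:00:00", "acct-B", "auto_reload", 25),  # normal top-up
    ("2015-05-11T17:30:00", "acct-B", "egift_sent", 10),   # gift a day later
    ("2015-05-12T12:00:00", "acct-C", "auto_reload", 25),  # reload, no gift
]

WINDOW = timedelta(minutes=5)  # assumed max gap between reload and eGift
THRESHOLD = 3                  # assumed number of cycles that warrants review


def drain_cycles(events, window=WINDOW):
    """Count, per account, auto-reloads followed by an eGift within `window`."""
    cycles = defaultdict(int)
    last_reload = {}  # account -> time of the most recent unmatched reload
    for ts, acct, kind, _amount in sorted(events):  # ISO timestamps sort in time order
        when = datetime.fromisoformat(ts)
        if kind == "auto_reload":
            last_reload[acct] = when
        elif kind == "egift_sent" and acct in last_reload:
            # Each reload is matched at most once, so pop it either way.
            if when - last_reload.pop(acct) <= window:
                cycles[acct] += 1
    return dict(cycles)


def flag_accounts(events, threshold=THRESHOLD, window=WINDOW):
    """Return accounts whose reload-then-gift cycle count reaches `threshold`."""
    counts = drain_cycles(events, window)
    return sorted(acct for acct, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print(flag_accounts(EVENTS))
```

A rule like this would sit alongside, not replace, controls on the login itself, since the article attributes the break-ins to weak or reused passwords.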
Starbucks, however, is suggesting that this development has nothing to do with the company’s accounts being hacked, and says it has not come across any reports of user data being compromised or stolen. Instead, the company believes that weak and sometimes very standardized passwords are to blame, and that customers need to put strong and unique credentials in place, especially if they have automatic reloading activated in the Starbucks app.
Simply switching that option off will not help, as anyone with access to the account can turn it back on. Meanwhile, customers are questioning the security measures of the Starbucks app, as it was late last year that the app was reported to be storing passwords in plain text, an issue which is believed to have been fixed since then.