A string of hacking incidents has put Starbucks mobile customers on high alert. Hackers have been locking users out of their mobile accounts before proceeding to fraudulently use any preloaded gift cards or saved credit card information for their personal gain.
These incidents are especially concerning for customers who use the “auto-refill” feature. When enabled, this feature allows hackers to continuously siphon money from a user’s bank account. Some customers using “auto-refill” have reported having their bank accounts drained of hundreds of dollars in a matter of minutes.
Independent journalist, Bob Sullivan, first reported the attack on May 11. Sullivan explained that this event should be taken seriously due to the potential size of the attack.
“The fraud is a big deal because Starbucks mobile payments are a big deal. Last year, Starbucks said it processed $2 billion in mobile payment transactions, and about 1 in 6 transactions at Starbucks are conducted with the Starbucks app.”
Cybersecurity experts suspect these rouge charges stem from poor password security. Many hackers will buy stolen login credentials, many stolen from data breaches, from online black markets and test them on other online accounts, such as the Starbucks mobile app. Seeing as 55% of web users reuse the same password for most of their online accounts, this is a very effective technique.
If you reuse passwords across multiple online accounts you should take preventive measures immediately.
What Should You Do?
1. Change your Starbucks password
Passwords should be unique, complex and long. Use non-dictionary words and include numbers and special characters. Never reuse passwords and change any passwords that may have been exposed in a data breach.
2. Disable “auto-refill”
While convenient, this feature is not worth the risk. If your app is ever compromised, auto-refill will provide the intruder with direct access to your bank account. Seeing as this is not the first cyber security faux pas associated with the Starbucks mobile app, it is wise to disable auto-refill.
3. Check your bank statement for inaccuracies
Review your bank account daily to detect any unfamiliar transaction. Contact your financial institution immediately if you notice any suspicious activity. Remember, fraud must be reported in a timely manner; otherwise you may be liable for the charges.
The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.