Hackers target Starbucks mobile app payment system

Technology is a double-edged sword; if it is not used properly it may cause problems. The lives of Starbucks lovers were made easier by a mobile app that allows payment for coffee or food at the Starbucks checkout counter from a mobile device—but that app has also exposed customers to attacks that could cost a lot.

The Starbucks mobile app lets users reload the virtual Starbucks card with funds from a bank account, credit card or PayPal account. It is here that the ever-looming security threat to online transactions turned into a reality. According to reports, hackers have managed to exploit the Starbucks mobile app to direct funds to their own accounts using the credit cards, bank accounts and PayPal accounts of Starbucks customers in the US.

How the Hackers Intervened

According to Checkmarx, the hackers carried out the fraud by breaking into the online accounts of a few Starbucks customers who pay at the checkout using the app. After gaining access to the Starbucks app account, the attackers add a new gift card and transfer funds to one of their own accounts.

This process is repeated for every new reload of the original card. Victims have confirmed receiving alert messages (from PayPal accounts) about their card being refilled with some amount of money.

Victims also claim to receive an email from Starbucks stating that a new gift card was added to their account. Everything happens so quickly that by the time the victim realizes something is wrong, hundreds of dollars are already transferred to the hacker’s account.

No Security Measures from Starbucks

The hacking of Starbucks customer accounts and fraudulent usage of the gift card reload feature has been happening since December last year. It started with a few cases, and now many people, as well as Starbucks, are aware of this threat.

Financial institutions like PayPal and banks have received many customer complaints that are linked to the Starbucks mobile app. No security measures have been adopted by Starbucks yet to resolve the problem. However, the company has been helping customers get stolen funds reimbursed and has assured them that they will be.

Starbucks has reported that this hacking issue has occurred because customers might be using weak passwords or passwords that they already use for their other online accounts. The company has asked all customers to use unique, strong passwords to avoid such security lapses. Another security precaution that customers can take on their own is to deactivate the auto-reload option for their Starbucks app account.

Need for Two-step Verification Process

The reported cases of Starbucks mobile app hacking have proved that the Seattle-based company doesn’t ask for enough verification from customers when directly withdrawing funds from their linked credit cards or bank accounts.

When someone logs into the app from a different device, there is no verification process in place. Starbucks needs to have a two-step verification process in place where customers receive a message on their mobile phone when a new device is used for logging into the Starbucks app.
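The new-device check described above, as an added example (not Starbucks code and not part of the original article). `NewDeviceGate`, the action names, the device identifiers and the five-minute code lifetime are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

CODE_TTL = 300  # seconds a one-time code stays valid (assumed value)


class NewDeviceGate:
    """Hypothetical step-up check: an unknown device must confirm a code sent to the owner."""

    def __init__(self, send_code):
        self.send_code = send_code  # callable(user, code, action); stands in for an SMS sender
        self.trusted = {}           # user -> set of verified device ids
        self.pending = {}           # (user, device) -> (sha256 of code, expiry time)

    def trust(self, user, device):
        self.trusted.setdefault(user, set()).add(device)

    def authorize(self, user, device, action, now):
        """Return 'allow' for a verified device, otherwise message the owner and challenge."""
        if device in self.trusted.get(user, set()):
            return "allow"
        code = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(code.encode()).digest()
        self.pending[(user, device)] = (digest, now + CODE_TTL)
        self.send_code(user, code, action)  # owner is alerted on every attempt
        return "challenge"

    def verify(self, user, device, code, now):
        """Codes are single-use: any attempt, right or wrong, consumes the pending code."""
        digest, expires = self.pending.pop((user, device), (b"", 0))
        ok = now <= expires and hmac.compare_digest(
            digest, hashlib.sha256(code.encode()).digest())
        if ok:
            self.trust(user, device)
        return ok


def replay_constructed_session():
    """Constructed events mirroring the reported pattern: new device, add card, transfer."""
    sent = []
    gate = NewDeviceGate(lambda user, code, action: sent.append(code))
    gate.trust("alice", "alice-phone")
    events = [("unknown-device", "login"), ("unknown-device", "add_gift_card"),
              ("unknown-device", "transfer_balance"), ("alice-phone", "reload")]
    results = [gate.authorize("alice", d, a, now=1000 + i) for i, (d, a) in enumerate(events)]
    wrong = "000000" if sent[-1] != "000000" else "111111"
    guessed = gate.verify("alice", "unknown-device", wrong, now=1010)
    return results, guessed, len(sent)
```

In the constructed session, every action from the unverified device is held at a challenge while the owner's own phone keeps working, and a wrong guess burns the pending code.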

Do you still trust the Starbucks mobile payment system? Perhaps Starbucks should allow iPhone users to pay directly from Apple Pay rather than only allowing Apple Pay as a source for refueling the funds in the Starbucks app?

Tony Bradley: I have a passion for technology and gadgets--with a focus on Microsoft and security--and a desire to help others understand how technology can affect or improve their lives. I also love spending time with my wife, 7 kids, 4 dogs, 7 cats, a pot-bellied pig, and sulcata tortoise, and I like to think I enjoy reading and golf even though I never find time for either. You can contact me directly at tony@xpective.net. For more from me, you can follow me on Threads, Facebook, Instagram and LinkedIn.

View Comments (1)

  • The firm can make things easier by creating further online options for their customers to make payments online. Payment solutions like http://www.voguepay.com can easily handle their payments and online transactions. It's simple and free to integrate. Experience is talking.