Hackers are stealing money using the Starbucks app

RESTRICTIONS: NONE
For story suggestions please contact [email protected]

Hackers are stealing money from the credit cards, bank and PayPal accounts of Starbucks customers by hacking into their Starbucks mobile apps.

The Starbucks app allows customers to make purchases at Starbucks with their phones, check their Starbucks Card balances, transfer funds to their Starbucks Cards and transfer funds between cards, according the app’s description on iTunes.

Hackers have discovered that apps such as these that store consumers’ credit card numbers and other personal information are easier to steal money from than financial institutions. They can drain money from the Starbucks app by siphoning off funds from Starbucks Cards, transferring funds to Starbucks Cards or creating new Starbucks Cards, and repeating the process. By enabling the app’s auto-reload function to drain funds, hackers can steal hundreds of dollars in a matter of minutes.

The story was first reported by consumer journalist Bob Sullivan.

Starbucks told CNN Money that the company does not believe its app was hacked and said that the incidents are more likely due to weak passwords. Starbucks suggests that its customers use unique passwords to prevent hackers from hacking into the app.

However, enabling two-step authentication — a common feature which the Starbucks app lacks that sends a text message to your phone whenever you sign in from an unfamiliar device — would have better protected Starbucks customers.

Starbucks has yet to decide whether it will add new security measures such as two-step authentication to its system. In the meantime, customers can protect themselves by creating strong passwords and by not saving their financial information in their Starbucks app accounts.

RUNDOWN SHOWS:
1. How hackers steal money from the Starbucks app
2. How to prevent hackers from stealing money from the app

VOICEOVER (in English):

“Hackers can steal money from the Starbucks app by adding a new e-gift card, transferring funds over, and repeating the process when funds are reloaded.”

“Hackers can also hack into existing gift cards and turn on the auto-reload function to drain the funds.”

“Enabling two-step authentication, which sends a text to your phone whenever you sign in from a new device, would have protected Starbucks customers”

SOURCES: CNN Money, iTunes, bobsullivan.net
http://money.cnn.com/2015/05/13/technology/hackers-starbucks-app/
https://itunes.apple.com/us/app/starbucks/id331177714?mt=8
https://bobsullivan.net/cybercrime/identity-theft/exclusive-hackers-target-starbucks-mobile-users-steal-from-linked-credit-cards-without-knowing-account-number/