Starbucks acknowledged that criminals are actively using their official app to obtain personal details as well as gain access to monetary accounts. The criminals create a new gift card, load your money onto said card and transfer the funds over. What makes matters worse to those affected by the crime is the bombardment of automatic emails from Starbucks.
"Your eGift Just Made Someone's Day! It's a great way to treat someone — whether it's to say Happy Birthday, Thank you or just 'this one's on me."
The company failed to halt the transactions or ask for customers affected to provide a secondary approval, CNN Money reports:
"When Obando told Starbucks he thought his account was hijacked, Starbucks promised to conduct a review. When Obando asked to stop the payments and refund his money, Starbucks told him to dispute the charges with PayPal. It took Obando two weeks to get back his $550."
Starbucks states that there have been no breaches and no customer data has been shared. These incidents are likely due to weak passwords, which is where our helpful hint above comes into play. You could prevent this from recurring by simply using a stronger, randomly generated password. Put away that "ThisIsSecurePassword123" you like to use for every account and start employing some real security.
There are popular password managers available on the market like 1Password and LastPass. These tools also offer password generators that can supply random passwords for use on various accounts. You're even able to determine the password strength. While customers can always improve security on their end, Starbucks could also do more, like require two-step authentication.
Source: CNN Money