Starbucks has confirmed multiple reports of users of its smartphone app having three-figure sums stolen from their accounts in the form of gift certificates, reports CNN.
One user lost $550 in a matter of minutes, his account auto-reloaded each time it was emptied by a hacker sending a series of $50 gift cards. Other users have also reported three-figure losses within a matter of seconds or minutes …
Starbucks told CNN that no data has been hacked or lost, and blames the issue on customers using weak passwords – or using the same password for multiple sites and apps.
So if you use the Starbucks app and don’t already have a strong, unique password, now would be a great time to change it. Note that switching off auto-reload won’t help if a hacker has your login: they can simply switch it back on again. You can, however, delete the payment method attached to your account and use a strong, unique password.
It was revealed last year that the Starbucks app stores passwords in plain text (believed to have been fixed a few days later), but as these are only stored locally on your phone, it’s an unlikely route for a hack.
Starbucks updated the app in February, allowing Apple Pay to be selected as a payment method.