Starbucks drinkers this week are getting a major buzz kill after discovering thieves are able to siphon money out of customers’ accounts using their reloadable gift cards purchased through the coffee chain’s mobile payment app.
Using password and username data stolen by hackers, Bob Sullivan, an independent consumer reporter, wrote how hackers can gain access to Starbucks accounts that are linked to a credit card. Once they’re in, victims helplessly sit there and watch as hackers change the account’s email log-in and transfer the balance to a different Starbucks card.
About one in six Starbucks customers use these cards –which can be automatically reloaded when the card balance is low through Starbucks’ mobile app. The app also lets customers pay at checkout with their phone.
Sullivan reported that Maria Nistri was a victim of thieves who stole a total of $75, all within 7 minutes. Nistri says the hackers were able to steal money from her credit card, because her gift card was loaded onto her Starbucks app. They didn’t even need to have all of her credit card information.
“It was crazy. I was like, what in the world?” Nistri told Sullivan. “I was lucky I happened to check my email when I did, otherwise who knows how much they would have gotten.”
Starbucks says its mobile app has not been hacked and that they “constantly monitor for fraudulent activity.” They added that “customers are not responsible” for charges or transfers they didn’t make.”
Security experts warn that any account that is linked through third party is vulnerable. Their advice: use strong passwords and avoid auto reload if you can.