Skip to main content

Hundreds of dollars being stolen from Starbucks app users – weak/duplicated passwords blamed

Starbucks has confirmed multiple reports of users of its smartphone app having three-figure sums stolen from their accounts in the form of gift certificates, reports CNN.

One user lost $550 in a matter of minutes, his account auto-reloaded each time it was emptied by a hacker sending a series of $50 gift cards. Other users have also reported three-figure losses within a matter of seconds or minutes … 

Starbucks told CNN that no data has been hacked or lost, and blames the issue on customers using weak passwords – or using the same password for multiple sites and apps.

So if you use the Starbucks app and don’t already have a strong, unique password, now would be a great time to change it. Note that switching off auto-reload won’t help if a hacker has your login: they can simply switch it back on again. You can, however, delete the payment method attached to your account and use a strong, unique password.

It was revealed last year that the Starbucks app stores passwords in plain text (believed to have been fixed a few days later), but as these are only stored locally on your phone, it’s an unlikely route for a hack.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel