Starbucks has confirmed multiple reports of users of its smartphone app having three-figure sums stolen from their accounts in the form of gift certificates, reports CNN.
One user lost $550 in a matter of minutes, his account auto-reloaded each time it was emptied by a hacker sending a series of $50 gift cards. Other users have also reported three-figure losses within a matter of seconds or minutes …
Starbucks told CNN that no data has been hacked or lost, and blames the issue on customers using weak passwords – or using the same password for multiple sites and apps.
So if you use the Starbucks app and don’t already have a strong, unique password, now would be a great time to change it. Note that switching off auto-reload won’t help if a hacker has your login: they can simply switch it back on again. You can, however, delete the payment method attached to your account and use a strong, unique password.
It was revealed last year that the Starbucks app stores passwords in plain text (believed to have been fixed a few days later), but as these are only stored locally on your phone, it’s an unlikely route for a hack.
Starbucks updated the app in February, allowing Apple Pay to be selected as a payment method.
Filed under: Apps Tagged: Apple pay, hack, Mobile app, passwords, Security, Starbucks, Starbucks iPhone app
Check out 9to5Mac for more breaking coverage of Apps, Apple pay, and Security.
What do you think? Discuss "Hundreds of dollars being stolen from Starbucks app users – weak/duplicated passwords blamed" with our community.
0 comments :
Post a Comment