Starbucks, the internationally popular coffee chain, acknowledged that criminals are actively using the company's official app to obtain personal details as well as gain access to monetary accounts. The criminals create a new gift card, load your money onto the card, and transfer the funds over. Starbucks had no process in place to challenge or halt the transactions, or ask for customers affected to provide a secondary approval. Bob Sullivan reports:
Because Starbucks isn't answering specific questions about the fraud, I cannot confirm precisely how it works, but I have informed speculation, based on conversations with an anonymous source who is familiar with the crime. The source said Starbucks was known to be wrestling with the problem earlier this year. Essentially, any criminal who obtains username and password credentials to Starbucks.com can drain a consumer's stored value, and attack their linked credit card.
Since many people use the same, simple password for multiple, if not all accounts, once one system has been compromised, criminals can just try the same username and password combinations on other systems, and often get right in.
Once they have access, the criminals are reportedly using the auto-refresh option to load more money onto the Starbucks account, and then using that money to send gift cards to email addresses they control.
"Your eGift Just Made Someone's Day! It's a great way to treat someone — whether it's to say Happy Birthday, Thank you or just 'this one's on me."
To be clear, there's no indication anyone has hacked into Starbucks's system to steal customer data. They're just exploiting week, repetitive passwords. It's absolutely a crime, but it's one we can help prevent by using strong, unique passwords. An example of a strong, unique password is: 8qHjz>g%wHkY+siEzri8
Because strong, unique passwords are not only incredibly hard to crack, they're almost impossible to remember, we also recommend using a password manager like 1Password or LastPass. These tools also offer password generators that can supply random passwords for use on various accounts. You're even able to determine the password strength.
Starbucks should also make two-step authentication — where a token gets texted to a trusted device, like your iPhone — for better security on their end as well.
Apple Watch may have saved another life
Apple Watch has helped to save many lives already and it may have saved a 13-year-old with SVT.
From the Editor's Desk: Let's 'Unpack' this folding phone trend
With March just around the corner, we expect to see a new iPhone, but it will definitely not be a foldable one. Find out what we think of Samsung's Z Flip and more.
Former Apple exec being sued for poaching talent is now suing Apple
Apple accuses Gerard Williams III of poaching chip designers for his new startup and has taken the matter to court. Now he's accusing Apple of the same.
Have a large wrist? There's an Apple Watch band for you
Need an Apple Watch band that is comfortable and fits your larger wrists without issue? Check out some of these great options out there!