Starbucks, the internationally popular coffee chain, acknowledged that criminals are actively using the company's official app to obtain personal details as well as gain access to monetary accounts. The criminals create a new gift card, load your money onto the card, and transfer the funds over. Starbucks had no process in place to challenge or halt the transactions, or to ask affected customers for a secondary approval. Bob Sullivan reports:
Since many people use the same, simple password for multiple, if not all accounts, once one system has been compromised, criminals can just try the same username and password combinations on other systems, and often get right in.
Once they have access, the criminals are reportedly using the auto-refresh option to load more money onto the Starbucks account, and then using that money to send gift cards to email addresses they control.
To be clear, there's no indication anyone has hacked into Starbucks's system to steal customer data. They're just exploiting weak, repeated passwords. It's absolutely a crime, but it's one we can help prevent by using strong, unique passwords. An example of a strong, unique password is: 8qHjz>g%wHkY+siEzri8
Because strong, unique passwords are not only incredibly hard to crack but also almost impossible to remember, we also recommend using a password manager like 1Password or LastPass. These tools also offer password generators that can supply random passwords for use on various accounts. You're even able to determine the password strength.
Starbucks should also offer two-step authentication, where a token gets texted to a trusted device, like your iPhone, for better security on their end as well.
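The kind of challenge the article says was missing, sketched as an added example (not Starbucks's code and not part of the original article): a check that holds a gift-card transfer for secondary approval when it combines at least two of a new device, a new recipient, and a reload just before the transfer. The event fields, the sample data, the thresholds and the two-signal rule are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events; the field names and event types are hypothetical.
EVENTS = [
    {"ts": "2024-03-01T08:00:00", "account": "alice", "device": "d-1", "type": "login"},
    {"ts": "2024-03-01T08:05:00", "account": "alice", "device": "d-1", "type": "gift_card_sent",
     "recipient": "friend@example.com"},
    {"ts": "2024-03-13T02:10:00", "account": "alice", "device": "d-9", "type": "login"},
    {"ts": "2024-03-13T02:11:00", "account": "alice", "device": "d-9", "type": "reload"},
    {"ts": "2024-03-13T02:12:00", "account": "alice", "device": "d-9", "type": "gift_card_sent",
     "recipient": "drop@example.net"},
    {"ts": "2024-03-14T09:00:00", "account": "alice", "device": "d-1", "type": "login"},
    {"ts": "2024-03-14T09:01:00", "account": "alice", "device": "d-1", "type": "reload"},
    {"ts": "2024-03-14T09:02:00", "account": "alice", "device": "d-1", "type": "gift_card_sent",
     "recipient": "friend@example.com"},
]

def transfers_needing_step_up(events, window=timedelta(minutes=30), device_age=timedelta(days=1)):
    """Return gift-card transfers that should wait for a secondary approval."""
    first_seen = {}   # (account, device) -> when the device first appeared
    recipients = {}   # account -> recipients already sent to without a challenge
    last_reload = {}  # account -> time of the most recent reload
    flagged = []
    for e in sorted(events, key=lambda e: e["ts"]):
        ts, acct = datetime.fromisoformat(e["ts"]), e["account"]
        # Assumption: the first device ever seen on an account is its enrolled device.
        enrolled = any(a == acct for a, _ in first_seen)
        seen = first_seen.setdefault((acct, e["device"]), ts if enrolled else datetime.min)
        if e["type"] == "reload":
            last_reload[acct] = ts
        elif e["type"] == "gift_card_sent":
            known = recipients.setdefault(acct, set())
            reasons = []
            if ts - seen < device_age:
                reasons.append("new device")
            if e["recipient"] not in known:
                reasons.append("new recipient")
            if acct in last_reload and ts - last_reload[acct] <= window:
                reasons.append("reload just before transfer")
            if len(reasons) >= 2:   # two or more signals: hold for approval
                flagged.append((e["ts"], acct, e["recipient"], reasons))
            else:
                known.add(e["recipient"])  # unchallenged transfer: recipient becomes known
    return flagged

if __name__ == "__main__":
    for hit in transfers_needing_step_up(EVENTS):
        print(hit)
```

Only the transfer from the unfamiliar device is held; the owner's routine reload-and-send to a known recipient passes without a prompt.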