16 million! – that’s the number of users Starbucks has who use the company’s mobile payment service. And this is the second time that user data has been compromised. The last time this happened was in January 2014 which resulted in the app being deleted by so many users that the app fell down many places at the app store. Not to mention the terrible PR that came with it.
Starbucks is in the news again, for the wrong reasons. A few days ago, independent journalist and best-selling author Bob Sullivan reported that hackers recently stole money from several Starbucks customers by gaining access to their credit card information through the Starbucks app and using the auto-load function.
In his detailed post, he describes how one Starbucks customer had $34.77 stolen from her account last week, another $25 after it was auto-loaded, and another $75 after the hackers changed her auto-load amount. And all of this happened in less than 10 minutes.
Criminals are using Starbucks accounts to access consumers’ linked credit cards. Taking advantage of the Starbucks auto-reload function, they can steal hundreds of dollars in a matter of minutes.
Since this is very easy to do and it is not clear on what consumer protections Starbucks is putting in place, it is suggested that everyone disable the auto-reload function immediately.
Why is this a big deal?
The fraud is a big deal because Starbucks mobile payments are a big deal. Last year, Starbucks said it processed $2 billion in mobile payment transactions, and about 1 in 6 transactions at Starbucks are conducted with the Starbucks app.
This Reddit thread shows a handful of others who had similar issues. Some hackers even used stolen accounts to email gift cards to themselves.
It is crucial for companies to take security seriously. At Appknox, we have been emphasising on this since long. Consumers need to be aware of the risks they are at and businesses need to take ownership.