Hackers’ Eyes on a New Prize in Starbucks Mobile Users
Few need to be told these days of the dangers that hackers present.
With major breaches taking place around the world, and businesses of all size affected, the idea of hackers are enough to keep some up at night. Now, a new threat has emerged and it’s targeting one particular walk of life: Starbucks mobile users.
More specifically, credit card hackers are reportedly putting some extra effort into going after those who use Starbucks gift cards and also its mobile payments service.
Better yet—at least for the hackers—the method involved is so simple, and downright terrifying, that the hacker doesn’t even need the account number to pull off the job.
It revolves around the auto-reload function of Starbucks cards, which are often connected to a linked credit card. This is especially bad news for the customers, as the protections around the transactions are somewhat unclear.
Naturally, the exact method isn’t being detailed so as not to provide tools for other potential hackers—Starbucks reportedly won’t answer specific questions about this particular round of fraud—so speculation is running quite briskly.
Currently, some believe that the problem is coming from Starbucks.com directly, where hackers are getting username and password combinations, which in turn allow the hackers to access the gift cards and mobile payment systems, and launch the attack accordingly, moving cash to undisclosed locations.
Since there are several methods of payment involved with Starbucks’ systems—customers can pay Starbucks directly or move balances from one card to another as a gift for friends—it becomes quite possible for hackers to make those same balance moves.
From there, the inevitable question is how to protect yourself against such things, and the answer, at least in the short term, does seem to be simple: disable the auto-reload function.
Without that tool in place, the hacker’s ability to gain cash seems greatly limited. While this is a decidedly major kick in the teeth for those who use the service, the alternative goes only so far: use extremely strong passwords for the account and change them routinely, and keep a clear watch on any credit or debit card connected with the account.
Knowing about this particular move is likely to prove helpful for at least some users out there, if for no other reason than they now know what to watch for.
Mobile payments are a convenient, useful, and commonly safe way to carry out business, but as the quote almost said, eternal vigilance is the price of mobile payments, so keeping a weather eye on all those accounts and putting same behind strong passwords should go a long way toward keeping unauthorized users out of your Starbucks account… or any other account, for that matter.