Are Thieves Hacking the Starbucks App?

By Charlene Arsenault (Patch Staff)

While several media outlets this week reported that a popular Starbucks app had been hacked, the coffee chain is flatly denying this has happened.

CNNMoney on Wednesday said that Starbucks had acknowledged that thieves are now breaking into customers reward accounts by using the Starbucks mobile app.

But also on Wednesday, Starbucks issued a statement that “news reports that the Starbucks mobile app has been hacked are false.”

“Like all major retailers, the company has safeguards in place to constantly monitor for fraudulent activity and works closely with financial institutions,” said the announcement. “To protect the integrity of these security measures, Starbucks will not disclose specific details but can assure customers their security is incredibly important and all concerns related to customer security are taken seriously.”

Starbucks has a number of locations in the Greater Boston area.

CNNMoney said that the supposed hack was first reported by Bob Sullivan, a consumer journalist, on May 11.

With a Starbucks app, you can pay at the register with your smartphone and add gift card funds through your bank, PayPal or credit card.

Criminals have figured out how to get into the victim’s Starbucks account online and add a gift card, said CNNMoney and Bob Sullivan, which then allows them to transfer funds from the victim’s various accounts.

Several victims shared their stories with CNNMoney, stating that they became aware of the fraud when they received confirmations through their email that funds were being reloaded to their Starbucks accounts. One customer said a thief got $115 in just a few seconds right from a bank account.

Cybersecurity firms are indicating that Starbucks could, and should, add authentication processes that ensure more security.

“Occasionally, Starbucks receives reports from customers of unauthorized activity on their online account,” added the company in a statement. “This is primarily caused when criminals obtain reused names and passwords from other sites and attempt to apply that information to Starbucks. To protect their security, customers are encouraged to use different user names and passwords for different sites, especially those that keep financial information.”

Starbucks offered several tips to ensure security.

In January, Starbucks hit media facing an issue where its official IOS app insecurely stored user data, as reported by Securityaffairs.com.

Share Tweet Comment Now