Starbucks customers are reporting that their accounts have been drained by hackers who have broken into their accounts, CNBC reported.
“Credit card hackers looking for new ways to drain money from consumers’ bank accounts and evade increased bank security measures have discovered a clever side door—the Starbucks mobile payment app and gift cards. Criminals are hijacking consumers’ coffee accounts, draining the stored value of their cards, and then using Starbucks’ auto-reload function to hack consumers’ associated debit and credit cards.”
The balance on Starbucks cards cannot be converted directly to cash, so it is not as if the dollars are moving directly from Starbucks cards into criminals pockets, and these guys are not just using them to buy coffee. However, as PCWorld pointed out, there are other risks that stem from a hacked coffee card.
“Since people often reuse login credentials on many different web services, hackers will try to see if the details unlock another service. That’s especially dangerous for Starbucks accounts since customers can set their cards to auto top-up with funds from a payment card or PayPal. The cards can hold up to a $500 balance.
Once in control of an account, the scammers can then transfer the balance to another Starbucks card, which is sold at a discount. An advertisement on a well-known bitcoin forum from last September offered a $100 Starbucks gift card for $35 worth of the virtual currency.”
This incident shows how hackers can take roundabout ways to access accounts and defraud customers. Even as new protections are implemented, payments providers of all types need to be careful about how they secure their systems.
Overview by Ben Jackson, Director, Prepaid Advisory Service at Mercator Advisory Group
Read the full story