I’ve ordered coffee via the Starbucks app — even paid for it without so much as showing the barista my phone. Some unlucky souls are buying more coffee than they bargained for, as the Starbucks app has been outed as vulnerable to hackers. Starbucks has confirmed some users of their mobile app had funds from a linked card taken without their knowledge, which were then sent to a mystery recipient in the form of a gift card. Starbucks has yet to issue a fix for the problem.
On the positive side, Starbucks says no personal data was at risk.
Starbucks’ explanation for the security flaw was a bit deflective. According to them, our weak password security is to blame: using weak passwords, or reusing in the Starbucks app a password we use elsewhere.
Late last year, Starbucks chose to process their own payments rather than rely on Square, which they’d been using up until then. Starbucks also accepts Apple Pay, which wasn’t affected in this breach.
If you’re using the Starbucks app and have a linked card, now would be a good time to remove that card, change your password, and re-add a card. For those using an iPhone 6, Apple Pay is also a good choice here.
This is also an opportunity to familiarize yourself with an app like 1Password, which creates and stores ridiculously strong passwords with just a few clicks.