Starbucks customers reportedly have been victimized by hackers who exploit the company’s mobile app.
Multiple victims say fraudsters have hacked into the customers’ reward accounts and stolen money from credit card, bank and PayPal accounts, according to media reports.
Customer Jean Obando tells CNN Money that hackers stole $550 from his PayPal account by reloading $50 to his Starbucks card 11 times in five minutes. According to CNN Money:
Starbucks didn’t stop a single transaction or pause to ask Obando for secondary approval. All of them went through.
Starbucks told Obando to dispute the charges with PayPal, and it was two weeks before he got the funds back.
Other victims report that they were able to get their money back more quickly, however, and that Starbucks helped them recover the funds.
The company has not disclosed exactly how the crime is being perpetrated. However, CNN Money reports that Starbucks has acknowledged that criminals are breaking into customer reward accounts.
Consumer advocate Bob Sullivan first broke the story. After talking with a source, he believes the crux of the problem is a reload feature that lets customers link their Starbucks card to their debit, credit card, PayPal or ApplePay account:
Criminals are using Starbucks accounts to access consumers’ linked credit cards. Taking advantage of the Starbucks auto-reload function, they can steal hundreds of dollars in a matter of minutes
Starbucks denies that its app is responsible for the problem. Spokesperson Maggie Jantzen told Sullivan by email that “what you’re describing is not connected to mobile payment.”
She suggested, though, that customers follow best practices in general to protect themselves.
One way to protect yourself from the hackers is to disable the app altogether. Obando and other victims have done so. “I can’t trust Starbucks with my payment information anymore,” Obando tells CNN Money.
Customers who continue using the app can protect themselves in three other ways:
- Use a strong password. A good password is crucial when you use the Starbucks app, or any other app that has access to financial or otherwise sensitive information. CNN Money reports that this is the only way to protect your Starbucks account because hackers access your linked credit cards by hacking into your account.
- Change passwords often. Also, don’t use the same passwords for different accounts or websites, Jantzen says. (If you have difficulty keeping track of all those passwords, check out these “5 Password Managers to Keep All Your Secrets Safe.”)
- Monitor your Starbucks account. Look for fraudulent transactions, just as you would with your bank account, Sullivan suggests.
CNN Money notes that simply turning auto-reload off isn’t enough to protect yourself from hackers. Criminals can simply turn auto-reload back on as long as they’re able to access customers’ accounts.