Starbucks customers are reporting that hundreds of dollars have been stolen from their credit cards after receiving emails saying the passwords and login details for the coffee company’s mobile app had been reset.
While details of exactly how the attacks are taking place are still unclear, it appears that credentials leaked in previous cyberattacks could be used to allow hackers to siphon off money from Starbucks’s customers.
Starbucks’ smartphone apps allow customers to pay for coffee and food in store, by pre-loading their reward cards with credit by storing a credit or debit card with the company.
By gaining access to a victim’s rewards card, the hackers don’t necessarily even need to know the card details or account number of the customer in order to perpetrate the fraud. Considering users of the app are also required to input their date of birth and address as well as card details, the hackers could then reuse these credentials in other attacks.