Starbucks Gift Cards Hacked While Mobile App Allows Access To Credit Card Information

Starbucks gift cards are being hacked, and hackers are getting access to card balances and credit card numbers attached to the cards without having to the know the card numbers. The vulnerability in the cards is caused by the auto load feature of the gift cards, which allows users to automatically have more money loaded onto their cards when they go below a certain balance, according to Time.

Since Starbucks processed over $2 billion in mobile app and gift card transactions last year, it is a major problem. One in six transactions are conducted with the mobile app, and with the vulnerability, users stand to lose millions of dollars. The key to avoid losing money over this new scam is to disable the auto load feature on the gift card or the app to prevent hackers from having access to credit card information if the gift card is hacked.

It is a simple scam where the hackers target Starbucks customer accounts. This then gives them access to the auto reload feature. With access to the accounts, hackers can changes customer emails as well as passwords so the customers don’t know there is a problem. It also allows hackers the ability to steal the money quickly by draining the balance on a card, quickly reloading and draining the balance again. Hackers often change the reload amount, raising the stakes and allowing them to steal even more money quickly so that customers can’t stop it.

Maria Nistri, 48, of Orlando, FL, was a victim of the gift cards scam. She had $34.77 loaded onto her card. Hackers gained access to the card and drained the money. When the balance of the card hit zero, it recharged and allowed the hackers to take an additional $25. They quickly changed the amount of the reload and gained an additional $75. The crime takes place in a matter of minutes.

Nistri first became aware that her money was being stolen when she receive an email from Starbucks telling her the card was being recharged. She responded quickly to the theft and contacted Starbucks. Because it was before 8 a.m. Nistri was unable to reach Starbucks to notify them of the theft, and she lost $163.

According to Bob Sullivan, consumer advocate and tech skeptic, the bigger vulnerability is that consumers often use the same username and passwords for different accounts across the internet. Hackers use the usernames and passwords they steal to try and hack into other accounts to steal even more. He stated that Starbucks has yet to explain exactly how the scam on the gift cards works although consumers won’t be liable for the amounts lost. He also stated that Starbucks customers should disconnect the auto reload feature immediately on their cards and apps.

[Photo Credit Money Saving Mom]