Your Starbucks App Could Be Draining Your Bank Account Dry

The Starbucks app is the key to a new scam in which thieves steal money from your bank account or PayPal by hacking into the Starbucks app that sits on your iPhone or Android and sending out gift cards.

In this new scheme, criminals rely on weak passwords to log in to your Starbucks account on their iPhone, iPad, Android or computer and then tap into the bank account that you likely use to keep your Starbucks card loaded up.

By continually drawing funds from a Starbucks card that is set to auto-refill, the thief can keep siphoning money out of your bank account like a never-ending Frappuccino.

What you need to know about Starbucks app fraud that can reach right into your bank account. AHMAD FAIZAL YAHYA /

Bob Sullivan discovered the hack, which relies on users not guarding their Starbucks app password with the same security as a bank account. By tapping into the Starbucks app, which users are less likely to secure with a strong password, the thieves can still drain your bank account, rack up credit card charges or empty your PayPal.

Sullivan shares the story of Maria Nistri, who woke up to an alert that her account username and password had changed, and then discovered that the thief stole over $100 in a matter of seven minutes. Nistri could not speak to a Starbucks app support team until after 8 AM, and the theft started at 7 AM.

Starbucks told CNN Money that the problem is not with the Starbucks app. Starbucks blames “weak customer passwords” that many customers may re-use from other sites.

When consumers re-use passwords and usernames or emails across multiple sites, it is easier for a thief to steal an account by trying passwords and usernames over and over again. The thief must verify the Starbucks card balance transfer with an email, but once the thief controls the Starbucks account they can easily change the email address and then verify the new email.
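The sequence described above (login from an unfamiliar device, email address change, then balance transfers fed by auto-reload) is something a service can correlate on its side. The following is an added example, not code from Starbucks or from the original article; the event schema, the 15-minute window and all sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)  # assumed correlation window, tune to your data

# Constructed sample events; the schema (timestamp, account, kind, detail)
# is hypothetical and not taken from any real Starbucks log.
EVENTS = [
    ("2024-01-01T07:00:05", "acct-A", "login", {"known_device": False}),
    ("2024-01-01T07:01:10", "acct-A", "email_change", {}),
    ("2024-01-01T07:02:00", "acct-A", "balance_transfer", {"cents": 3477}),
    ("2024-01-01T07:03:00", "acct-A", "auto_reload", {"cents": 2500}),
    ("2024-01-01T07:04:00", "acct-A", "balance_transfer", {"cents": 2500}),
    ("2024-01-01T07:05:00", "acct-A", "auto_reload", {"cents": 2500}),
    ("2024-01-01T07:06:00", "acct-A", "balance_transfer", {"cents": 2500}),
    # Owner changes email on a device already seen for this account.
    ("2024-01-01T09:00:00", "acct-B", "login", {"known_device": True}),
    ("2024-01-01T09:01:00", "acct-B", "email_change", {}),
    ("2024-01-01T09:02:00", "acct-B", "balance_transfer", {"cents": 1000}),
    # New phone and email change, but the transfer comes hours later.
    ("2024-01-01T10:00:00", "acct-C", "login", {"known_device": False}),
    ("2024-01-01T10:02:00", "acct-C", "email_change", {}),
    ("2024-01-01T13:30:00", "acct-C", "balance_transfer", {"cents": 1500}),
]

def detect_takeovers(events, window=WINDOW):
    """Flag accounts where a new-device login is followed by an email change
    and then balance transfers, each step within `window` of the previous one.
    Returns {account: (cents_transferred, auto_reloads_triggered)}."""
    last_login = {}   # account -> time of latest unknown-device login
    last_email = {}   # account -> time of an email change tied to that login
    hits = defaultdict(lambda: [0, 0])
    for ts, account, kind, detail in sorted(events, key=lambda e: e[0]):
        t = datetime.fromisoformat(ts)
        if kind == "login" and not detail["known_device"]:
            last_login[account] = t
        elif kind == "email_change":
            login = last_login.get(account)
            if login is not None and t - login <= window:
                last_email[account] = t
        elif kind in ("balance_transfer", "auto_reload"):
            changed = last_email.get(account)
            if changed is not None and t - changed <= window:
                if kind == "balance_transfer":
                    hits[account][0] += detail["cents"]
                else:
                    hits[account][1] += 1
    return {account: tuple(totals) for account, totals in hits.items()}
```

A hit on this rule is a natural point to hold the transfer and notify the previous email address rather than the newly set one.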

This is a good reminder to use a strong password and a unique password on any service you use, especially services that link to your bank account or credit card. A strong password contains upper and lower case letters, special characters and numbers. It is also not a dictionary word or a name and a year. Additionally, you can use a service like LastPass to create and store strong passwords that you can access from your iPhone or Android with your fingerprint.

In this case Starbucks will reimburse customers who lost money through account problems like this, but it is still a great idea to use a secure password.

You can check whether your Starbucks app and Starbucks account are impacted by this problem by looking through your email for Starbucks gift card purchases and by checking your bank or your Starbucks account for unusual activity.

If this problem with the Starbucks app password security scares you, you can disable the auto reload and delete your payment options. This would change how you load up your card, so a better solution is simply to pick a secure password and use a new password for each account that you sign up for.

There is no comment from Starbucks on how they plan to specifically address this issue, but two-factor security could fix this problem by verifying a user when they sign up on a new device. This would work by sending a short text message with a code for the user to enter as part of the Starbucks app sign up process.
