For serious Starbucks go-ers, their mobile app makes paying for your Grande iced coffee easy as can be — but users who chose to link their Starbucks account to their banks are finding themselves victims of a major scam.
A reporter at Buzzfeed explained that last week she received an email saying that she had reloaded $100 onto her Starbuck mobile app from the credit card she had on file. The thing is, she hadn’t actually reloaded her card. So when she opened her app, she found that someone had gained access to her information, added the $100 and made three charges in San Diego that wiped her account.
According to Twitter, this reporter isn’t alone. Dozens of people have taken to the social media platform complaining of the same issues.
This isn’t the first time this has happened. In 2015, Starbucks confirmed that criminals have been gaining access to customers’ rewards accounts and making unauthorized charges. CNN explained that criminals break into users’ accounts online and then add a new gift card and transfer the funds to themselves. They can then repeat the process by reloading the card.
Starbucks explained to CNNMoney that these hacks were likely a result of weak customer passwords, as the company itself had not been hacked at the time. Still users who have had their accounts broken into say Starbuck’s needs to up their security measures.
“I think it’s too easy to dip into someone’s bank account,” Kristi Overton, whose Starbuck account was hanked into in 2015, told CNN. “The Starbucks app’s security measures need to be updated.”
When asked nearly two years later about rolling out a two-factor authentication, Starbucks told Buzzfeed, “While we do not share specifics on future security protocol timelines or practices, our security and anti-fraud teams actively continue to develop, and invest in, enhanced protection measures, further strengthening our platforms.”
In the meantime, Rachel Rothman, Chief Technologist in the Good Housekeeping Institute, suggests always switching up your log-in information even if it may be hard to remember.
“Try to pick different passwords for the different applications or websites you use, so that if someone does guess one of your passwords, they can’t access everything,” she says.
If you are concerned that your Starbucks Mobile account has been hacked, you can contact their customer service line at 1-800-782-7282.
GoodHousekeeping.com has reached out to Starbucks and will update this post as new information becomes available.
“First and foremost, the security of our customer’s information is critically important and Starbucks remains resolute in protecting that information and has a team of engineers dedicated to advancing security and fraud prevention, given unauthorized account activity is an industry-wide challenge. As a result, we see only a tiny fraction of one percent of account holders impacted, significantly reducing fraudulent activity to a level vastly better than industry average. We strongly encourage our customers to follow best practices to protect their accounts and, if we are made aware of any unauthorized activity, we work with our customers directly to ensure that their account remains whole.”