If you buy Starbucks using your phone, you could be the next victim of a series of account takeovers—which is just a fancy way of saying people have found yet another way to steal money from your credit card.
Starbucks just reloaded my account from my PayPal for $75 and I wasn't even in a store or using the app. What's up @Starbucks, you hacked?
— Katie (@KatieB_MV) April 29, 2017
A BuzzFeed reporter shared the story of how someone loaded $100 onto her Starbucks app using her saved credit card information, and then emptied it at a San Diego Starbucks. These account takeovers can happen in large amounts, or even small amounts over time. If you don't check the app regularly, you may not even notice the fake receipts. The last time a wave like this happened, Starbucks released this statement:
"We have a team of engineers dedicated to advancing our security and fraud prevention capabilities."
That was two years ago. The app is still the same: a username and password with no extra security features, such as two-factor authentication. This would ask you for an additional code whenever someone logs onto the Starbucks app from a new device.
This time, they're saying coffee-lovers should just make a better password, and that they "see only a tiny fraction of one percent of our account holders impacted." Not that comforting for those of us who want to easily rack up stars for free drinks, but also don't want our money stolen.
For now, you'll have to change your password from the one you've been using since middle school, or wait until Starbucks ups their security. But don't worry, you can still use your physical credit card safely in person at the stores.