Stolen money and overly-caffeinated hackers – a look at the Starbucks breach

Written By: Admin

On July 22, 2015, Authomate CEO Jeff Schmidt and Savanture CEO Doug Howard recorded a Webinar with Access Granted’s executive editor – Ryan Schradin – where they discussed five recent, high-profile data breaches. During the event, the panelists discussed how these breaches occurred, what was compromised, what lessons enterprises should learn from the attacks and how the damage from each attack could have been mitigated.

The online event, which was the first in an ongoing series of security and authentication-focused Webinars, was entitled, “Anatomy of a Breach.”

Click HERE to watch the replay of the “Anatomy of a Breach” Webinar (registration required)

One of the five breaches that went under the microscope was the breach that resulted in hackers siphoning money from the accounts of Starbucks users.

The Starbucks loyalty program allows users to put money on a gift card or a Starbucks Gold Card from a bank account or credit card. Each visit where that card is used for the purchase of Starbucks beverages and food is tracked and the users eventually receive a free drink, in addition to other free extras and services.

Unfortunately, Starbucks fans found their credentials compromised and their accounts raided by hackers. These bad actors not only took the funds in these Starbucks accounts, but also took advantage of “Auto Reload” functionality to continue siphoning money from the users’ connected bank accounts or credit cards.

The end result? Upset Starbucks customers who may not have noticed the thievery until going to purchase their next latte…and some VERY overly-caffeinated hackers.

In the following video from the Webinar, Jeff, Doug and Ryan discuss the Starbucks breach, how it occurred, what was compromised and what organizational changes could have been made to either prevent the attack or minimize its impact:

To watch the “Anatomy of a Breach” Webinar – which dives deep into the breaches that impacted Anthem, JPMorgan Chase, OPM, Starbucks and Dropbox – in its entirety, click HERE (registration required).
