Report: Scammers Breach Starbucks Accounts, Refill And Drain Gift Card Balances

http://ift.tt/1ExK8Xj

(Molly)

Do you use a Starbucks stored-value card so you can have the fastest possible access to coffee? If you have that card set to auto-reload using a credit or debit card, you may be providing a way for criminals to vacuum money out of your bank account and into their own. How does that happen? Savvy scamsters can use a loophole in the way the cards work to reload and drain them for you.

Starbucks accounts are an interesting hybrid of gift cards and debit accounts, but that means that they lack the protections of bank accounts. Consumer reporter Bob Sullivan broke this story, sharing the stories of readers whose accounts had been breached.

The problem is that by changing a user’s Starbucks account password, scamsters can repeatedly transfer the victim’s balance to a card of their own, and this amount is theoretically unlimited as long as the victim has auto-reload turned on. (Do you use the Starbucks card or app and have auto-reload turned on, leave this page and go turn it off right now. Don’t even finish reading this paragraph. Why are you still here?)

Sullivan contacted Starbucks about the scam, and they couldn’t provide specifics. They did point out that the value of a registered gift card is protected, and that customers aren’t ultimately liable for transfers made fraudulently.

EXCLUSIVE: Hackers target Starbucks mobile users, steal from linked credit cards without knowing account number [Bob Sullivan]

by Laura Northrup via Consumerist