A security weakness has been reported in a few Starbucks accounts, and here’s what you need to know

It’s 2017 and there is no shortage of growth and advancement when it comes to technology. With apps available for every purpose imaginable, our lives have definitely been changed for the better…or have they? Earlier this week, BuzzFeed described what happened when someone else got ahold of a user’s Starbucks account.

Writer Venessa Wong said, “I received an email alert from Starbucks. It contained a receipt for reloading $100 onto my Starbucks mobile app, using my saved credit card. The problem, of course, was that I had nothing to do with that transaction.” She did what any of us would do in that situation: she reached out to customer service.

Unfortunately, by that time, it was too late and her account had already been completely emptied.

This type of hack isn’t new — it’s called an account takeover, and it’s happening more than you think. This whole thing is kind of frightening.

To prevent hacks, most companies require two-step authentication, which typically involves linking a phone number to your account to confirm that the person logging in is actually the account owner. However, even though its app is linked to people’s credit cards and can charge money to those cards at will, Starbucks has confirmed that it does not currently offer two-factor authentication, though it has several other security measures in place to protect its customers.

It seems this is not an isolated issue; many Starbucks app users have been sharing their own experiences on social media.


According to Eater, Starbucks is aware of the security issues and has released this statement on the matter:

"The security of our customer’s information is critically important and Starbucks remains resolute in protecting them with a team of engineers dedicated to advancing security and fraud prevention, given unauthorized account activity is an industry-wide challenge. We strongly encourage our customers to follow best practices to protect their accounts and, if we are made aware of any unauthorized activity, we work with our customers directly to ensure that their account remains whole."

We’re glad the company is so willing to work with affected customers, but we hope this security bug will be squashed soon!