starbucks

MomentsForZen/flickr

Apps that are connected directly to your bank account seem like a great idea for saving time, but Starbucks has recently demonstrated just how badly it can go wrong.

The Starbucks app is a wildly popular way for customers to pay, with one in six Starbucks customers choosing to pay with it for their orders over more conventional payment methods. [tweetable alt=”The recent #hack attack on the @Starbucks #app raises questions over whether users are safe.” hashtag=””]Recently though, the app has come under attack by hackers,[/tweetable] who have used it to gain access to customer’s accounts and drain their finances, according to Fox.

Hackers are able to access the accounts by making guesses on usernames and passwords based on information from outside sources. They can then top up the money on the app from a linked credit card using Starbucks’ “auto reload” feature.

Bob Sullivan reported that one customer lost the $34.77 she had loaded onto her Starbucks account, followed by another $25 from the auto-reload feature. [tweetable alt=”In just 7 minutes, hackers took nearly $100 dollars from a customer via the @Starbucks #app, says @RedTapeChron.” hashtag=””]Within seven minutes, thieves changed the auto reload amount to $75, reloaded, and took that, too — apparently, not even your coffee is safe.[/tweetable]

Direct Route to Your Credit Card

The Starbucks app thrives on being a quicker and easier way to pay for coffee, but at what cost? In many cases reported by Starbucks customers, several hundred dollars have been compromised from individual accounts.

The auto-reload feature bypasses the need for customers to input their bank details, enabling them to load and pay faster, but also allowing thieves to steal their money and information without a very significant obstacle in their path.

Starbucks has refunded the money lost in this security breach, but maintains that they do not deserve the blame for it, claiming instead that it is the customers who need to be more careful.

Keeping Your Information Safe

There are several steps that customers should take in order to avoid further compromises to their security in the future.

First, use different usernames and passwords with each of your apps. It may seem easier and more convenient to simply have a go-to combination for everything, but hackers make their bread and butter from this kind of mentality. If you have the same login details on every app, once someone hacks one of them, they may as well have hacked them all.

Users should turn off any app “reload” feature to limit losses. The auto-reload feature stores your credit card information and uses it to top off your account once your balance reaches $0. It’s a feature that’s in place so that customers always have some money on their Starbucks card, but in a situation where someone else gains access to your account, there’s no limit to how much they can take.

Though manually entering your credit card details each time you wish to refill your Starbucks card can be annoying, this slight inconvenience could save you hundreds of dollars.

Finally, always dispute missing funds with retailers. In a situation like this one, politeness is unnecessary and unwise. Ignoring missing funds or blaming yourself for them is another way of thinking that hackers depend upon.

By not reporting or disputing issues with your funds, a hack can go unnoticed by companies for a long time, allowing even more money to be stolen.

A Real Solution

Apps have become more and more integrated into our daily lives, with thousands of people using them for everyday activities — the need for in-app security has never been greater. The attack on Starbucks customers brings the problems that occur when security isn’t strong enough to light, and acts as a warning for other companies that offer payment apps.

In the aftermath of this attack, other companies will no doubt make an effort to tighten their security and ensure customer information stays private. Security within apps should not just be a luxury, but a necessity.

If you have an awesome idea for an app but are wary of security issues, try developing your app with Infinite Monkeys. The simple app creation platform contains easy-to-incorporate security features to ensure your new apps are always a few steps ahead of hackers.