Hackers get more inventive each day, and they launch attacks on accounts you wouldn’t expect to be targets. Such is the case with the Starbucks incidents that started this week: several customers reported having their money stolen through the company’s mobile app.
A few weaknesses in the app offered hackers rather easy access. They took advantage of the app’s auto-reload feature and the apparent lack of limits on the number of password tries allowed before the customer’s Starbucks account is locked. It didn’t help that a lot of people apparently use the same password for more than one account.
Attacks on the company’s app could bring hackers a lot of money – in 2014 alone, more than $2 billion was processed through its mobile payment system. According to Starbucks’ reports, roughly 18% of its transactions currently go through the company’s app.
Security firm Checkmarx explains that the process of stealing money is fairly simple. The underground market provides hackers with stolen passwords and IDs; a program is used to verify combinations on the Starbucks mobile app until one goes “bingo”.
The fact that such programs are able to check thousands of ID-password combinations each second makes their work much easier. And as soon as they are in – because there’s no limit on password attempts – thieves add a new gift card.
Money from the victim’s Starbucks account is then transferred to the gift card the hacker controls – a method which lets them steal all the money in one swift move. And if you have set your credit card or PayPal account to automatically reload when you deposit money, the thieves have access to steal from those as well.
The last stage of the hacking process is turning gift cards into real money by reselling them on the internet, either for their real value or sometimes for less. Hackers could technically increase the money they steal by pushing up the auto-reload amount, but Starbucks will alert the account owner about the transactions through an email or text message.
And to make matters even easier, consumers “aid” hackers in their attacks by using the same combination of name and password for more than one account, which gives attackers even more opportunities to steal money from other accounts.
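The missing limit on password attempts described above is the control a defender would add first. The sketch below is an added example, not code from Starbucks or Checkmarx: it caps failed logins per account and also throttles a source that fails against many different accounts. The class name, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class LoginGuard:
    """Sliding-window limits on failed logins, per account and per source address."""

    def __init__(self, max_account_failures=5, max_source_accounts=10, window=300):
        # Thresholds are illustrative assumptions, not values from the article.
        self.max_account_failures = max_account_failures
        self.max_source_accounts = max_source_accounts
        self.window = window                    # seconds
        self._by_account = defaultdict(deque)   # account -> failure timestamps
        self._by_source = defaultdict(deque)    # source -> (timestamp, account)

    def allowed(self, account, source, now):
        """Call before checking the password; returns (ok, reason)."""
        acc, src = self._by_account[account], self._by_source[source]
        while acc and now - acc[0] >= self.window:      # drop expired failures
            acc.popleft()
        while src and now - src[0][0] >= self.window:
            src.popleft()
        if len(acc) >= self.max_account_failures:
            return False, "account_locked"
        # One source failing against many different accounts is the signature
        # of a credential list being replayed, even at one try per account.
        if len({name for _, name in src}) >= self.max_source_accounts:
            return False, "source_throttled"
        return True, "ok"

    def record_failure(self, account, source, now):
        self._by_account[account].append(now)
        self._by_source[source].append((now, account))

def replay(events, guard):
    """Replay (time, source, account, password_ok) events; return one decision each."""
    decisions = []
    for now, source, account, password_ok in events:
        ok, reason = guard.allowed(account, source, now)
        if ok and not password_ok:
            guard.record_failure(account, source, now)
            reason = "bad_password"
        decisions.append(reason)
    return decisions

# Constructed sample: one source tries 12 accounts, the last with a valid reused
# password, then the real owner of that account signs in from another address.
EVENTS = [(t, "203.0.113.7", f"user{t}", t == 11) for t in range(12)]
EVENTS.append((12, "198.51.100.20", "user11", True))

if __name__ == "__main__":
    print(replay(EVENTS, LoginGuard()))
```

With these settings the source is throttled before it reaches the one account whose reused password would have worked, while the owner signing in from a different address is unaffected.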
Other big-name retailers have suffered different kinds of hacking – Home Depot and Target, for example, ran into trouble when attackers targeted the companies’ networks in order to steal consumer information.