The recent news of the Starbucks hack is one of the warning signs against increasingly-convenient payment methods. Cybercriminals were able to steal money from Starbucks customers though the Starbucks mobile app without actually obtaining much financial information. The incident shows that hackers are looking to steal from us, indirectly. How else can they do it?

It's just coffee... Why would a hacker be interested? Photo: Flickr |

It’s just coffee… Why would a hacker be interested? Photo: Flickr source

Dining and food apps

Starbucks offers just one of the many food and dining apps that store your information for easy-ordering purposes. Your billing address, delivery address and payment details are kept by these companies that may not be entirely focused on the security of their payment experience.

With Starbucks, hackers were somehow (still unclear) able to obtain customer usernames and passwords that opened up access to payment methods, which were used to refill gift card balances and transfer out gift card funds. Hackers can then sell these gift card balances to other people.

Pizza ordering apps, online food delivery apps, grocery delivery apps and fast food apps are examples of apps that could be vulnerable to similar hacks. They’re not the first things that comes to mind when you think about how cybercriminals would steal money from you, but there’s plenty of credit card information to steal through these apps.

Rewards and loyalty programs

In November 2014, hackers were able to break into the Hilton HHonors hotel loyalty rewards program. After cracking into member accounts, crooks sold rewards points on the online underground market.

Your hotel points, airline miles and other rewards are worth money, so protect it like they're your money. Photo: Flickr |

Your hotel points, airline miles and other rewards are worth money, so protect it like they’re your money. Photo: Flickr source

Imagine having 250,000 Hilton HHonors points disappear from your account. Those are your hard-earned points that you saved up to use for free hotel nights and room upgrades. (Free nights start as low as 5,000 HHonors points.) Hackers were reportedly selling 250,000 points for just $3.50, when these points are worth much more when used for free hotel stays. Fortunately, Hilton refunded those stolen points to affected members.

If hackers can compromise the rewards program of one of the largest hotel chains in the world, they may be able to carry out similar activities with other rewards and loyalty programs. This goes for airline frequent flyer programs, drugstore and retail loyalty programs.

Remember, they may just be rewards points on paper, but they represent financial savings (e.g., free flights, hotel stays, gift cards, merchandise, etc.).

Video games and entertainment

In 2011, the Sony PlayStation Network suffered a breach that allowed hackers to steal personal and financial information from customers who saved personal information with PlayStation (to make it easier to purchase video game and entertainment content). There were 77 million customer accounts that were vulnerable to the attack.

Game platforms make it easy to buy digital content. It also makes it easier to steal payment info. Photo: Flickr |

Game platforms make it easy to buy digital content. It also makes it easier to steal payment info. Photo: Flickr source

With that information, hackers could have made fraudulent purchases. Again, card issuers would refund customers for unauthorized purchases, but it was still an inconvenient situation.

Video game and entertainment platforms are being more integrated with convenient payments (think about those in-app purchases on your smartphone) and it is easy to forget that these third-party companies are holding your financial information. It is their job to secure such information. But, if they do a poor job at it, you’re the one in danger.

Simple tips to protect your accounts

Sure, it’s alarming that hackers still find a way to steal from people when there are already many security protocols in place. In the same way that burglars commit crimes based on opportunity (such a window that is left open just half an inch), hackers tend to look for open cyber windows.

Here are some security measures that you should take to minimize the likelihood of becoming a victim to similar hacks:

1. Use strong passwords. A formidable password remains the first line of defense against opportunistic hackers who simply try to log into your accounts by trying common passwords over and over again. An incoherent mix of characters often safer passwords (e.g., “Muney88trx”).

2. Don’t store payment info on rarely used apps. You don’t want information stuck on an ordering app that you rarely use — just choose not to store the card information in these apps. For frequently-used apps that do save your payment information, enable any forms of additional security features that may be offered (e.g., a PIN or biometric authentication such as fingerprint recognition).

3. Hide your payment card info, if possible. PayPal and other secure checkout options have become popular because you don’t need to enter your financial information every single time that you make an online purchase. Furthermore, they hide your financial data from the merchant, so hackers won’t get their hands on that information even if the merchant was hacked. Some banks even let you create temporary account numbers for online shopping.

Was your Starbucks account compromised? Do you still feel safe storing your payment information on mobile apps?

What kind of stories do you want to see more of on MyBankTracker? Let us know in the comments.

Did you enjoy this article? Yes No
Oops! What was wrong? Please let us know.

Ask a Question

  • I use my trusty Starbucks app all the time. It’s actually the only payment app I use on a regular basis, so I was a paranoid after hearing about hackers stealing your money this way. Luckily, my info wasn’t stolen, but I am considering going back to just using my Starbucks gold card instead of the payment app. No amount of cyber crime will keep me from getting my cup of coffee!

  • MJPro

    As soon as I heard about the Starbucks hack I immediately deleted my app. I can easily just use my Gold Card. This also made me analyze other online purchasing apps that I have as well as the strength of my passwords. You can NEVER be too careful when it comes to your financial information security and privacy.

    • I completely agree. I change my passwords every quarter and have switched back to using my Starbucks Gold Card rather than the app. If there’s one thing I’ve learned in the last few years, it’s that hacking is real, it can happen to anyone, and to be vigilant about keeping track of your finances for unauthorized purchases.