iStock_000019988830XSmallCyber thieves have found another crafty way to steal money, and this time it’s through the Starbucks mobile app. While Starbucks itself hasn’t been hacked, the latest attack takes advantage of a combination of factors in order to siphon money out of users’ accounts.

Thieves cash in on the fact that the Starbucks app has an auto-load function, people use the same ID and password for multiple accounts, and the app doesn’t limit the number of password attempts before it locks a customer out. The criminals carry out the attack by buying stolen passwords, trying combinations in the app until one works, adding a new gift card to the account, and then transferring money from the victim’s bank account onto the new card. The thieves can then either buy coffee, or more likely, sell the gift cards online for real money.

In this instance and many others, weak passwords give hackers easy access to your information. This new attack also serves as a reminder that even mobile applications can be hacked, and password security is essential. Consider these strategies for creating and maintaining passwords that are difficult to crack:

  • Passwords should be at least 8 characters long. The longer the password, the harder it is to guess. Try using a pass-phrase of 4 or 5 words strung together.
  • Passwords should contain a combination of characters including upper and lowercase letters, numbers, and special characters.
  • You should never use the same password for your login, email, protected systems, financial accounts, etc.
  • Change your passwords frequently.

Refer to the Password Security threat under Cyber Threats in the Knowledge Center of your portal for more detailed information on how you can create strong passwords that keep criminals out. If you have any additional questions, contact your Client Services representative.

2015 Content Intern