Soon after this, Starbucks issued a press release denying
that their servers had been hacked. It explained that Starbucks cards are often
hacked “… when criminals obtain reused names and passwords from other sites and
attempt to apply that information to Starbucks.” Starbucks encourages its
customers to use strong passwords and to use unique passwords for all of their
accounts.
Backing up Starbucks’ press release is Brian Krebs in his
blog Krebs on Security. He explains that often an increase of fraudulent
activity in major brand accounts begins with postings in hacker forums friendly
to amateur hackers (often referred to as “noobs” for newbie or a new person who
is clueless) “…about large numbers of compromised accounts for sale, and the publication
of teachable ‘methods’ for extracting value from said hacked accounts.” This
was the case for the reported hacking of the Starbucks cards. The security
problem did not come from hackers entering Starbucks servers and taking
sensitive account information, it came from hackers finding lists of ID’s and
passwords and trying out those passwords on multiple accounts.
Krebs points out his belief that major companies could make
an extra effort to enhance security by offering features such as two-step
authentication. With word of security breaches such as alleged by Starbucks,
major companies’ images do take a hit. However, Krebs concludes:
“But it works both ways: consumers who re-use passwords for
sites holding their payment data are asking for trouble, and will get it
eventually.”
Having strong passwords remains good advice. But, having
unique passwords for each of your online financial accounts is equally
important.
Starbucks Press Release May 13, 2015:
No comments:
Post a Comment