Soon after this, Starbucks issued a press release denying that their servers had been hacked. It explained that Starbucks cards are often hacked “… when criminals obtain reused names and passwords from other sites and attempt to apply that information to Starbucks.” Starbucks encourages its customers to use strong passwords and to use unique passwords for all of their accounts.
Backing up Starbucks’ press release is Brian Krebs in his blog Krebs on Security. He explains that an increase in fraudulent activity against major brand accounts often begins with postings in hacker forums friendly to amateur hackers (often referred to as “noobs,” short for newbie, a new person who is clueless) “…about large numbers of compromised accounts for sale, and the publication of teachable ‘methods’ for extracting value from said hacked accounts.” This was the case for the reported hacking of the Starbucks cards. The security problem did not come from hackers entering Starbucks servers and taking sensitive account information. It came from hackers finding lists of IDs and passwords and trying out those passwords on multiple accounts.
Krebs believes that major companies could make an extra effort to enhance security by offering features such as two-step authentication. When word spreads of security breaches such as the one alleged at Starbucks, major companies’ images do take a hit. However, Krebs concludes:
“But it works both ways: consumers who re-use passwords for sites holding their payment data are asking for trouble, and will get it eventually.”
Having strong passwords remains good advice. But having unique passwords for each of your online financial accounts is equally important.
Starbucks Press Release May 13, 2015: