Starbucks Hack: A Great Example Why You Should Not Reuse Passwords



Send this story to your employees as a cautionary tale that makes it real to them: they should not reuse passwords in general, and especially not for any online payment accounts!

News broke this week that smart thieves are using the Starbucks mobile app to steal money from users' bank accounts. You can use the app to pay at the checkout with your smartphone, and you can also set it up to draw money from a linked account to reload your Starbucks card. The coffee giant now operates the most popular mobile wallet payment system in the U.S., so this is a big deal.

The attackers have been breaking into Starbucks accounts to repeatedly transfer money from bank accounts using the app's auto-reload function. Starbucks hasn’t been able to stop fraudulent transactions even when they are reported within a few minutes.

The problem is that the cyber thieves just need the user name and password to get into the account. Starbucks publicly stated that their system has not been breached, and that these thefts are caused by credentials stolen from other sites, which hits people who reuse their user name and password on multiple sites.

So here are a few rules for online payments:

  1. Use a unique pass-phrase for online payment accounts. Do not reuse that pass-phrase anywhere else.
  2. DO NOT share passwords across apps. This is hard but not impossible, especially if you use password managers like OnePass or LastPass.
  3. If you link an app for payments, only use credit cards and never use debit cards or, God forbid, your bank account, which is simply asking for trouble.
  4. Set your credit cards to email you real-time confirmation of expenses. I have an AMEX card that emails me the amount of any charge over a threshold I set. 
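
Rules 1 and 2 can be checked rather than taken on trust. The following is an added example, not part of the original post: it audits a password-manager CSV export for reused passwords and ranks any reuse that touches a payment account first. The column names (`name`, `username`, `password`), the sample rows and the `PAYMENT_ACCOUNTS` set are assumptions constructed for illustration.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export; column names and rows are assumptions.
SAMPLE_EXPORT = """name,username,password
Starbucks,pat@example.com,Coffee2015!
Forum,pat@example.com,Coffee2015!
Bank,pat@example.com,correct horse battery staple
News,pat@example.com,coffee2015!
Webmail,pat@example.com,Tr0ub4dor&3
Shop,pat2@example.com,Tr0ub4dor&3
"""

# Hypothetical set of entries that can move money (lower-case names).
PAYMENT_ACCOUNTS = {"starbucks", "bank"}


def find_reuse(export_text, payment_accounts=PAYMENT_ACCOUNTS):
    """Return [(severity, [entry names])] for every password used more than once.

    severity is "critical" when the shared password protects at least one
    payment account, otherwise "warning". Matching is exact, because stolen
    credentials are replayed exactly as they were captured.
    """
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        password = row["password"]
        if not password:
            continue  # entries without a stored password are not reuse
        # Group by digest so the report never carries the password itself.
        key = hashlib.sha256(password.encode("utf-8")).hexdigest()
        groups[key].append(row["name"].strip())

    findings = []
    for names in groups.values():
        if len(names) < 2:
            continue
        is_payment = any(n.lower() in payment_accounts for n in names)
        findings.append(("critical" if is_payment else "warning", sorted(names)))
    # Payment-account reuse first, then alphabetical by entry names.
    findings.sort(key=lambda f: (f[0] != "critical", f[1]))
    return findings


if __name__ == "__main__":
    for severity, names in find_reuse(SAMPLE_EXPORT):
        print(f"{severity}: same password used for {', '.join(names)}")
```

Near-variants such as a changed capital letter are treated as different passwords here, so a clean report does not mean the passwords are unrelated.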

Online payment systems are very convenient, but you need to use common sense and password discipline to make sure they don't become a major pain in the neck!

These and many more ways to stay safe online can be found in the Kevin Mitnick Security Awareness Training modules. Today it is a must to give employees security education. Find out how affordable this is. Ask for a quote and be pleasantly surprised.
