Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Starbucks Hack: A Great Example Why You Should Not Reuse Passwords

    starbucks_appUse this story and send it to your employees as a cautionary tale to make it real to them they should not reuse passwords in general, but especially not for any online payment accounts!

    News broke this week that smart thieves use the Starbucks' mobile app to steal money from users' bank accounts. You can use the app to pay at the checkouts with your smartphone, and you can also set it up to draw money from a linked account to reload your Starbucks card. The coffee giant now operates the most popular mobile wallet payment system in the U.S. so this is a big deal.

    The attackers have been breaking into Starbucks accounts to repeatedly transfer money from bank accounts using the app's auto-reload function. Starbucks hasn’t been able to stop fraudulent transactions even when they are reported within a few minutes.

    The problem is that the cyber thieves just need the user name and password to get into the account. Starbucks publicly stated that their system has not been breached, but that these thefts are are caused by stolen credentials on other sites and cause this problem for people who reuse their user name and password on multiple sites.

    So here are a few rules for online payments:

    1. Use a unique pass-phrase for online payment accounts. Do not reuse that pass-phrase anywhere else.
    2. DO NOT share passwords across apps. This is hard but not impossible, especially if you use password managers like OnePass or LastPass.
    3. If you link an app for payments, only use credit cards and never use debit cards or God forbid your bank account which simply is asking for trouble.
    4. Set your credit cards to email you real-time confirmation of expenses. I have an AMEX card that emails me the amount of any charge over a threshold I set. 

    Online payment systems are very convenient, but you need to use common sense and password discipline to make sure they don't become a major pain in the neck!

    These and many more ways to stay safe online can be found in the Kevin Mitnick Security Awareness Training modules. Today it is a must to give employees security education. Find out how affordable this is. Ask for a quote and be pleasantly surprised.

    Get A Quote Now

     

     

    Return To KnowBe4 Security Blog

    Topics: Security Awareness Training

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews