Hackers are draining bank accounts through Starbucks’ mobile app
Hackers have used a new attack to take money from some Starbucks customers through the Starbucks mobile app. On Friday, however, the company said that it has not itself been targeted.
The attack first happened this week. It took advantage of several things: the Starbucks app’s auto-load function, consumers using the same ID and password across multiple accounts, and the fact that Starbucks doesn’t seem to limit the number of password tries before it locks a customer’s account.
In 2014, Starbucks processed over $2 billion in mobile payments. Starbucks announced that at present approximately 18% of its transactions are made on the company’s app.
The attack process was very simple. First, the thieves got hold of stolen passwords and IDs from the underground market. Checkmarx, an application security firm, explained that they then used a program to try the stolen combinations on the Starbucks mobile app until one happened to work. Such programs can ‘process’ thousands of ID-password combinations every second.
Generally, sites limit the number of password attempts before locking the account, but Starbucks does not do so on its app. Once the hackers got into a victim’s account, they immediately added a new gift card.
They then transferred the money the victim had put into their account to the gift card, which is under the thieves’ control. In this way, the thieves stole all the money in the app by moving it onto the gift card.
If the user has set the app to reload automatically from their PayPal account or credit card, the thieves can steal again once the app gets more money.
Kevin Mahaffey, CTO of security firm Lookout, said that the thieves can then resell the gift cards on the Internet ‘for face value or less, eventually turning those Starbucks dollars into real dollars’.
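The control the article says was missing, a limit on password attempts, sketched as an added example (not code from Starbucks, Checkmarx or Lookout). It goes one step beyond the article by also counting distinct accounts per source, since a program replaying stolen ID-password pairs tries each account only once; the class name, thresholds, window and sample address are assumptions.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window failed-login limits per account and per source address."""
    def __init__(self, max_per_account=5, max_accounts_per_source=10, window=300):
        self.max_per_account = max_per_account
        self.max_accounts_per_source = max_accounts_per_source
        self.window = window                      # seconds (assumed value)
        self.by_account = defaultdict(deque)      # account -> failure times
        self.by_source = defaultdict(deque)       # source -> (time, account)

    def check(self, account, source, now):
        """Return None if the attempt may proceed, else the blocking reason."""
        acct_q, src_q = self.by_account[account], self.by_source[source]
        while acct_q and now - acct_q[0] > self.window:
            acct_q.popleft()
        while src_q and now - src_q[0][0] > self.window:
            src_q.popleft()
        if len(acct_q) >= self.max_per_account:
            return "account_locked"
        # Stuffing tries each stolen pair once, so count distinct accounts too.
        if len({a for _, a in src_q}) >= self.max_accounts_per_source:
            return "source_blocked"
        return None

    def record_failure(self, account, source, now):
        self.by_account[account].append(now)
        self.by_source[source].append((now, account))

def replay(events, throttle, valid):
    """Apply (time, source, account, password) events; return each outcome."""
    outcomes = []
    for now, source, account, password in events:
        reason = throttle.check(account, source, now)
        if reason:
            outcomes.append(reason)
        elif valid.get(account) == password:
            outcomes.append("ok")
        else:
            throttle.record_failure(account, source, now)
            outcomes.append("fail")
    return outcomes

# Constructed sample: one source tries 12 accounts once each, one per second.
VALID = {f"user{i}": f"pw{i}" for i in range(12)}
STUFFING = [(i, "198.51.100.7", f"user{i}", "reused-guess") for i in range(12)]

if __name__ == "__main__":
    print(replay(STUFFING, LoginThrottle(), VALID))
```

A per-account limit alone never fires on the constructed sample, because no account sees more than one failure; the per-source count is what stops it.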