Hackers Stealing Credit Cards and PayPal Accounts via Starbucks App

According to a report by CNN Money, Starbucks has officially acknowledged that hackers have been breaking into individual customer rewards accounts, and have gained access to their credit cards, bank and PayPal accounts by tapping into their Starbucks mobile app. The hackers break into a victim’s Starbucks account online, add a new gift card, transfer funds over and repeat the process every time the original card reloads.


As you may be aware that the Starbucks app lets you pay at checkout with your phone, and can also reload Starbucks gift cards by automatically drawing funds from your bank account, credit card or PayPal. This is how hackers have been gaining access to all their sensitive financial data. The report notes that several Starbucks customers who were interviewed have had this happen to them in recent months. The very first Starbucks theft was reported by consumer journalist Bob Sullivan.

Here’s a story of one of the many victims:

It happened to Jean Obando on the Saturday evening of December 7. He had just stopped by a Starbucks in Sugar Land, Texas and paid with his phone app. Then while driving on the highway, his phone chimed with a barrage of alerts. PayPal repeatedly notified him that his Starbucks card was being automatically reloaded with $50.Then came the email from Starbucks.

“Your eGift Just Made Someone’s Day,” the email said. “It’s a great way to treat someone — whether it’s to say Happy Birthday, Thank you or just ‘this one’s on me’.”

He got 10 more just like it — in just five minutes.Starbucks didn’t stop a single transaction or pause to ask Obando for secondary approval. All of them went through. When Obando told Starbucks he thought his account was hijacked, Starbucks promised to conduct a review. When Obando asked to stop the payments and refund his money, Starbucks told him to dispute the charges with PayPal.

After two weeks, Obando eventually got back his $550, though it made him realize that Starbucks doesn’t seek enough approval from customers before directly accessing their bank accounts.

“Technology runs through my veins...” | Follow me: @DrUsmanQ usman@iPhoneinCanada.ca

  • bringer666

    My starbucks account was hacked last week. Luckily they only took all the money from my current cards (about $65). Nothing was taken from my Visa or bank accounts. I got the email from Starbucks saying that my password was changed which is what alerted me to the problem. Starbucks refunded all my money and gave me new cards.

  • Chrome262

    one problem is by default the cards will auto fill. If you don’t go though and turn off the feature it will refill itself. So if you turned it off then you don’t have to worry about this. And Starbucks didn’t officially recognize this at all, they say they were not hacked. CNN is always suspect my man

  • Wow. Are you based in Canada?

  • bringer666

    Yes, I’m in B.C.

  • andrewe

    CNN: “Hackers are draining bank accounts via the Starbucks app”

    iPiC: “Hackers Stealing Credit Cards and PayPal Accounts via Starbucks App”

    Those are two very different titles. Your title sensationalizes the story; hackers are not stealing credit card and PayPal account details.

  • Yup. Incredibly misleading. Simply adding the word “from” in there (“Hackers Stealing from Credit Cards and PayPal Accounts via Starbucks App”) would make it true.

  • bringer666

    My account is not set to autofill so that probably saved me (actually Starbucks) some cash.

  • JacobWaltz

    they charge $7 for coffee do you really think they “care” anything about you 🙂