According to reports, hackers have gained access to a number of Starbucks mobile app accounts.
The compromise is reportedly the result of account passwords being guessed or reused, which gives attackers access to customer accounts through the application programming interface (API).
An attacker who gains access to a username and password is able to refill the customer’s app account and then gift the balance to an attacker’s email address.
A key weakness that is being exploited is the lack of two-factor authentication, which should be available in any mobile app with purchasing capabilities in order to verify the transaction.
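As an added illustration (not code from Starbucks or from the reports), the following sketch shows a server-side check that holds a gift transfer for a second factor when it matches the refill-then-gift pattern described above. The event fields, the 30-minute window, the two-signal threshold and all sample data are assumptions constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

RELOAD_WINDOW = timedelta(minutes=30)  # assumed policy value, not from the reports

@dataclass
class Event:
    ts: datetime
    account: str
    kind: str                  # "reload" or "gift"
    device: str
    recipient: str = ""        # set on gift events only
    second_factor: bool = False

def gifts_needing_step_up(events, trusted_devices, known_recipients):
    """Return (account, recipient, reasons) for gifts to hold until 2FA succeeds."""
    last_reload, held = {}, []
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.kind == "reload":
            last_reload[e.account] = e.ts
            continue
        if e.kind != "gift":
            continue
        reasons = []
        reload_ts = last_reload.get(e.account)
        if reload_ts is not None and e.ts - reload_ts <= RELOAD_WINDOW:
            reasons.append("reload-then-gift")
        if e.recipient not in known_recipients.get(e.account, set()):
            reasons.append("new-recipient")
        if e.device not in trusted_devices.get(e.account, set()):
            reasons.append("untrusted-device")
        # Two or more signals without a verified second factor: hold the transfer.
        if len(reasons) >= 2 and not e.second_factor:
            held.append((e.account, e.recipient, reasons))
    return held

def _t(hhmm):  # helper for constructed timestamps
    return datetime.strptime("2000-01-01 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed sample data (not real accounts or logs).
TRUSTED = {"alice": {"phone-a"}, "bob": {"phone-b"}, "carol": {"phone-c"}}
KNOWN = {"bob": {"friend@example.com"}}
EVENTS = [
    Event(_t("10:02"), "alice", "reload", "dev-x"),
    Event(_t("10:05"), "alice", "gift", "dev-x", "new1@example.net"),
    Event(_t("08:00"), "bob", "reload", "phone-b"),
    Event(_t("10:10"), "bob", "gift", "phone-b", "friend@example.com"),
    Event(_t("11:00"), "carol", "reload", "phone-c"),
    Event(_t("11:03"), "carol", "gift", "phone-c", "new2@example.net", True),
]

if __name__ == "__main__":
    for row in gifts_needing_step_up(EVENTS, TRUSTED, KNOWN):
        print(row)
```

Only the first account's gift is held: it follows a refill within minutes, goes to a first-seen recipient, and comes from a device the account has not used before, with no second factor presented.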