What every CSO should be doing now about the Starbucks potential hack

starbucks sign
poolie (Creative Commons BY or BY-SA)

The potential hack of the Starbucks’ app is now a major news story. Whether or not the stories are correct, that criminals have used the automatic reload feature of the Starbucks’ app to steal money from a consumer’s account, it is an incredible opportunity to demonstrate the relevance of your security efforts, as well to demonstrate that you provide value to the employee base.

[ ALSO: Hold the foam: Starbucks releases iOS app update in response to security reports ]

I would strongly recommend that you put out a brief message that states the issue, without the hype, and what your users should be doing in response. Below is a sample message:

The security department realizes that many employees use the Starbucks mobile app, and are hearing a great deal of hype surrounding a potential security compromise. We researched the issue, and while it is not formally confirmed that there was an actual compromise, we recommend that you take the following actions:

  • Change your Starbucks account password immediately
  • Check your account for any unusual activity
  • Do not use an easily guessable password on your account
  • Do not reuse the same password on multiple accounts

Be aware of potential phishing messages taking advantage of the hype. Go directly to www.starbucks.com to access your account and do not follow links in email messages.

Whether or not you have a Starbucks account, this is a great reminder to just practice good computer security. This includes always using strong passwords, never reusing a password on multiple accounts, and changing passwords frequently.

Please feel free to contact us with any questions.

Copyright © 2015 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)