The Korea Herald

지나쌤

Hackers steal W8m from Starbucks app

By Yu Ji-soo

Published : July 14, 2023 - 14:57

    • Link copied

(123rf) (123rf)

The official Starbucks Korea mobile application was hacked on Monday, resulting in the theft of approximately 8 million won ($6,300) from the in-app cards of some 90 customers.

A recent post from someone on an online forum alleged that unauthorized payments worth a total of 2.8 million won were made in one day via their Starbucks app in 11 separate transactions, both online and in-store.

"A payment of 300,000 won was made online from my account linked to the Starbucks app, then an additional 2.5 million won was spent at Starbucks stores in Seoul City Hall and Myeongdong using someone else's app card -- which I’ve never used,” the post said. It also mentioned that most of the items that were purchased were reusable tumblers and cups.

"Many Koreans use Starbucks, so payment-related incidents are quite a significant issue," the author of the post added, expressing the hope that the franchise would remove its automatic recharge feature.

In response, Starbucks Korea released an official statement on its website on Thursday, stating that there had been an attempt from overseas on Monday to log in to Korean accounts using usernames and passwords that were acquired illegally. They also disclosed that unauthorized use of the accounts’ recharge balance had occurred.

The hacking method that was used is believed to be credential stuffing, which involves the automated injection of stolen username and password pairs in to website login forms in order to fraudulently gain access to accounts. The hacker mainly targeted users who use the same username and password for multiple apps.

Starbucks stated that they have since blocked the hacker's overseas IP address and reported the incident to the relevant authorities while conducting their own investigation.

They have also taken additional measures, such as guiding customers through password resets. For directly affected customers, the franchise has fully compensated for lost recharge funds.

"To prevent this from happening again, we have disabled the app screenshot function on Android smartphones, and we plan to do the same for iPhones soon," Starbucks said. This measure is aimed at preventing people from sharing screenshots of app barcodes, the company added.