Wednesday was not a great day for me. It started off fine enough, but (ironically) soon after grabbing my morning coffee, I received an e-mail from Starbucks thanking me for reloading my card. The problem was that I had done no such thing. However, I thought perhaps my wife or some benevolent family member had graciously added money to my card for some reason. That fantasy lasted for only a couple of minutes before I got a follow-up e-mail confirming that I had transferred $55 from my card to another card.
Naturally, this latter message sent me into panic mode. After authenticating the messages and ensuring they really were from Starbucks, I called their customer service — pulse racing, all the while. Thankfully, they were able to reverse the charge made to my debit card, refund the additional money that had been stolen, and are sending me a new Gold Card to be safe. After squaring all that away, would you care to guess what my next step was? Yup: change my password.
I realized soon after that it had been a long time since I updated this particular password. In fact, it was a throwback to one of my long-retired go-tos that didn’t even meet the simplest of security standards most sites now demand. Clearly, I had made myself a target by not correcting this problem sooner. But the good news is that, since that password is no longer used for anything else, it seems that only my Starbucks account was compromised — although you can bet I updated my key financial passwords to be safe.
Incidentally, as I learned from Googling after the fact, this particular attack is not exactly new. As a 2017 Good Housekeeping post details, users have complained of similar attacks dating back to 2015. Although Starbucks themselves have not reported any breaches, it’s possible that hackers can get your password from other leaks and try their luck. In that respect, it actually makes far too much sense that they were able to access my account in this way. (For the record, I also doubt these thieves are buying lattes with the money but more likely trying to resell cards to unwitting buyers.)
The moral of the story isn’t just that you should probably strengthen your Starbucks account password (although I’d recommend it), but that you may want to take a closer look at your password patterns and make some updates. This should include looking at ways to generate strong passwords as well as setting reminders to update your passwords every so often. You can also look into password management tools like LastPass to help keep you protected.
All told, I’m extremely glad that my wake-up call to the importance of keeping my personal data safe came at a cost of only $55 (which, as I mentioned, was refunded), as it could have been much worse — who knew that passwords would become such an integral part of personal finance?