Starbucks Account Hack - Comment from Webroot
May 2015 by Webroot
Whilst there have been no reports of similar incidents in the UK, this should serve as a timely reminder for consumers and businesses alike to re-examine their security protocols.
Credentials leaked in previous cyberattacks are likely to have been used to allow hackers to siphon off money from Starbucks’ customers. The key security takeaway from this incident is the fact that as a company, your customers’ security information often doesn’t exist in a bubble. Passwords are frequently saved to browsers or documents, and are repeatedly reused by customers across separate online accounts. Consumers should take steps to regularly change their passwords and avoid using the same password across multiple online services.
Companies must anticipate this vulnerability by implementing more rigorous security processes, making it harder for hackers to access their customers’ accounts. Best practice for mitigating this is the implementation of a two-factor authentication process that requires the user to verify their identity when logging in from a new device or location whenever financial details are accessed or used. This extra security hurdle can effectively stop hackers in their tracks, while alerting the user to the unauthorised attempt to access their account and prompting them to change their password.