RITE

Resources for Information Technology and Education

Information Security

2017-05-09

Apps and Vulnerabilities

Starbucks

Melissa Miszkiewicz

You may have heard this story on National Public Radio’s broadcast of Marketplace. In this report we learn that one quarter of Starbucks' sales are made through the Starbucks app. Do you have the app? If you do, the best advice is to remove it.

The individual featured in this report is an editor with BuzzFeed News, Vanessa Wong. Interestingly enough, while she was working on a story about a data breach at Chipotle, she received an email alert from Starbucks thanking her for replenishing her card balance by adding another $100. Given that she had no recollection of doing this, she checked her app, which showed purchases made in San Diego, depleting her funds. Did I tell you she was in New York City at the time? No? Well, she was in New York City when the San Diego purchases cleaned out her account. My thought is that Ms. Wong must have had her credit card tied to her Starbucks card, and set to automatically replenish.

How’d they do it? Hackers steal login information and sell it online to other criminals. According to Ms. Wong, this happened to Starbucks customers in 2015 as well. Starbucks told people not to use the same userID and password for all accounts, and to go change passwords. The interviewer and interviewee seemed somewhat incredulous that Starbucks did not accept responsibility. Starbucks has a point. So, who’s responsible? In my opinion, the end-user, Ms. Wong, is ultimately responsible for her security on her device.

We, at Buffalo State, agree that information security requires a constant state of vigilance. Change your passwords regularly, and use strong passwords.

There are so many apps out on the market. Most require a user ID and password. How about this: if you don’t “need” an app, don’t download it. Be selective. Consider the value of the app versus the potential danger. Try not to store your password in your apps. It’s a pain, but enter it every time. And if possible, enable two-factor authentication. Information security is up to you. Even the strongest password is not enough. You have to change it regularly, and you have to use good judgment always.

Here are some links to YouTube videos about using strong passwords. All feature closed-captioning.
https://www.youtube.com/watch?v=-8miO1vcFBE
https://www.youtube.com/watch?v=8rkd9X68Pic
https://www.youtube.com/watch?v=94HV_MtDTis
