Gartner® Checkmarx Named a Leader in the 2026 Gartner® Magic Quadrant™ for Software Supply Chain Security Get the Report
Outlook Report The Future of Application Security in the Era of AI Download Now
Latest Innovations
Checkmarx for Developers
Partners
Blog
Research

Starbucks customers’ mobile accounts breached by thieves

Some Starbucks customers have had money siphoned out of their Starbucks mobile app by thieves using a clever new attack, but Starbucks itself hasn’t been hacked, the company said Friday.
It works like this: First, the thieves buy stolen passwords and IDs on the underground market.
They then use an automated program to try the stolen combinations one after another on the Starbucks mobile app until one works, according to application security firm Checkmarx. This is what’s called a “brute force” attack. These programs can “process” hundreds of ID-password combinations a second.
If the user has it set the app up to automatically reload from their credit card or PayPal account, the thieves can immediately steal again as soon as the app has more money in it, according to application security firm Checkmarx.
Read the full article here.