1. Prem WatsApp's Avatar
    What's the markup on yogurt?

    Z30something
    A lot if you buy bulk in 5kg tubs... :-)


    Passposted while waiting for the Z-lider....
    05-16-15 06:05 PM
  2. TgeekB's Avatar
    A lot if you buy bulk in 5kg tubs... :-)


    Passposted while waiting for the Z-lider....
    Well, that would make a difference! #TubsOfYogurt

    Be classically hip with the BlackBerry Classic
    05-16-15 06:13 PM
  3. Denise in Los Angeles's Avatar
    It wasn't the app that was hacked. More accurately it's a combination of obtaining a user's password, and then exploiting Starbucks' rather poor implementation of security.

    Basically, the attacker obtains the account holder's Starbucks password by whatever method (phishing, guessing easy passwords, obtaining re-used passwords from another source etc.), they then log into the victim's Starbucks account, and if the account has a bank/credit-card account linked to their Starbucks account, they then create a new re-loadable electronic gift-card, fill the electronic gift-card, then forward the contents of that virtual gift card to wherever they wish. And with the Auto-Reload option turned on, every time the gift card is emptied, it's automatically reloaded. One instance I read about, the victim's phone lit up with notifications showing $50 being auto reloaded 10 times in a few minutes.

    Two-Step authentication would mitigate the issue. As well, I can't believe Starbucks didn't have any method to recognize when somebody's auto-reload was constantly pumping money out of someone's account.
    I have to honestly disclose my total ignorance about these SB reward cards. I re-gift any SB cards which I am given, so I don't know about the process.

    Reading this thread, I am wondering a bit more about the hacking.... Doesn't the hacker need to guess the card number and the right pin number too? That is some good guessing if they aren't actually getting into the back end of SB's system. Impressive.
    blackmoe likes this.
    05-18-15 01:26 PM
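
The control the quoted post says was missing (noticing an auto-reload that fires repeatedly within minutes) can be sketched as a sliding-window velocity check. This is an added example, not part of the thread and not Starbucks' code; the event names, sample events and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample events, not real data: (time, account, event, amount in USD).
# acct-A reloads once a day; acct-B has a card added, then ten $50 reloads 30 s apart.
_t0 = datetime(2015, 5, 16, 10, 3, 0)
EVENTS = [
    ("2015-05-15 09:00:00", "acct-A", "auto_reload", 25),
    ("2015-05-16 09:00:00", "acct-A", "auto_reload", 25),
    ("2015-05-16 10:02:10", "acct-B", "card_added", 0),
] + [
    ((_t0 + timedelta(seconds=30 * i)).strftime(FMT), "acct-B", "auto_reload", 50)
    for i in range(10)
]


def detect_reload_bursts(events, window=timedelta(minutes=10), max_reloads=3):
    """Return {account: alert} for accounts exceeding max_reloads within window."""
    recent = defaultdict(deque)   # account -> (time, amount) of reloads still in window
    card_added = {}               # account -> time a card was last added
    alerts = {}
    for ts_str, acct, kind, amount in sorted(events):
        ts = datetime.strptime(ts_str, FMT)
        if kind == "card_added":
            card_added[acct] = ts
        elif kind == "auto_reload":
            q = recent[acct]
            q.append((ts, amount))
            while ts - q[0][0] > window:     # drop reloads older than the window
                q.popleft()
            if len(q) > max_reloads and acct not in alerts:
                alerts[acct] = {
                    "triggered_at": ts_str,
                    "reloads_in_window": len(q),
                    "amount_in_window": sum(a for _, a in q),
                    # A card added just before the burst matches the pattern in the thread.
                    "new_card_in_window": acct in card_added
                                          and ts - card_added[acct] <= window,
                }
    return alerts


if __name__ == "__main__":
    for acct, alert in detect_reload_bursts(EVENTS).items():
        print(acct, alert)
```

With these assumed thresholds the alert fires on the fourth reload, so auto-reload could be suspended for review well before the tenth charge.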
  4. blackmoe's Avatar
    card number and the right pin number too? That is some good guessing if they aren't actually getting into the back end of SB's system. Impressive.
    Nope, just the account login because he then adds in his own rewards card(s) and lets it auto top it up from the victim's credit card associated with the account.
    05-18-15 01:47 PM
  5. Denise in Los Angeles's Avatar
    Nope, just the account login because he then adds in his own rewards card(s) and lets it auto top it up from the victim's credit card associated with the account.
    Isn't the account login process - two fields, card number then pin number??
    05-18-15 02:19 PM
  6. DenverRalphy's Avatar
    Isn't the account login process - two fields, card number then pin number??
    It's just a username (email address) and password login. After you log in, then all your account information is available at your fingertips. Even if it were a card number and pin login, if the account was compromised via phishing attacks (probably the most likely), then they'd have that information as well.
    05-18-15 02:35 PM
  7. ALToronto's Avatar
    Too many people have very simple passwords, like 1234. BlackBerry had issued a list a while back of the 100 most common passwords that they were no longer going to accept for BBID. However, nobody else imposed such a policy.

    With cards such as Starbucks or Tim Hortons, most people never load in excess of $30, so they don't bother with strong passwords. However, as soon as they sign up for auto reload and link their bank account or credit card, they've made themselves very vulnerable.

    I know what banks have to go through to make mobile banking secure. Coffee chains don't use the same security systems, yet they offer the convenience of auto reload, and customers are too gullible to understand the risk they're taking. Sure, use the app, keep up to $30 loaded on it, but don't link your bank or cc accounts to it! If customers thought about it for a few seconds, they'd realise that just because a convenient option is available, doesn't mean it's a good idea to use it.

    Posted via CB10 from my awesome Passport
    05-18-15 05:26 PM