Head Office: "Block and Report Problematic Overseas IPs"
Full Refund of Recharge Amounts for Affected Customers
Customers Asked to Update Their Information Regularly
About 90 Starbucks Korea application (app) users' accounts were hacked, resulting in a total of 8 million KRW being fraudulently charged. Starbucks blocked the problematic overseas IP and fully compensated the affected accounts' balances.
On the 14th, Starbucks announced on its homepage, "On the 10th, there was an attempt to illegally log in to our app using randomly combined stolen IDs and passwords through overseas IPs," adding, "The balances of accounts that successfully logged in were stolen and used for payments."
They continued, "Upon confirming the incident, we immediately blocked the attackers' overseas IPs and reported the matter to the relevant authorities," and "We have fully compensated the balances of customers confirmed to be affected."
So far, Starbucks has identified about 90 cases of damage, with stolen balances amounting to approximately 8 million KRW.
The hacking method used in this attack is presumed to be 'credential stuffing,' in which illegally obtained user information, such as IDs and passwords, is tried at random against accounts on other sites. The method exploits users' habit of reusing the same ID and password across multiple apps so that they are easier to remember.
Starbucks expressed concern that customers who use the same ID and password on multiple sites may be exposed to similar losses, and asked users to change their personal information regularly.
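The pattern described above leaves a recognizable trace in login logs: one source address tries many different accounts and almost all attempts fail. The following sketch is an example added here, not code from Starbucks or the article; the log format, thresholds, and function names are assumptions, and the sample lines are constructed. It flags such sources and lists the accounts that did log in from them, which are the ones to treat as affected.

```python
from collections import defaultdict

def parse(line):
    """Parse 'timestamp ip account result' (assumed, constructed log format)."""
    _ts, ip, account, result = line.split()
    return ip, account, result == "OK"

def find_stuffing_sources(lines, min_accounts=10, max_success_ratio=0.2):
    """Flag IPs that try many distinct accounts and mostly fail.

    Returns {ip: sorted accounts that logged in successfully from that ip}.
    """
    tried = defaultdict(set)  # ip -> distinct accounts attempted
    ok = defaultdict(set)     # ip -> accounts with a successful login
    for line in lines:
        ip, account, success = parse(line)
        tried[ip].add(account)
        if success:
            ok[ip].add(account)
    flagged = {}
    for ip, accounts in tried.items():
        ratio = len(ok[ip]) / len(accounts)
        if len(accounts) >= min_accounts and ratio <= max_success_ratio:
            flagged[ip] = sorted(ok[ip])  # accounts to lock and review
    return flagged

def build_sample_log():
    """Constructed log: one stuffing source, one user, one shared gateway."""
    lines = []
    # 203.0.113.7 tries 30 accounts once each; two reuse a leaked password.
    for i in range(30):
        result = "OK" if i in (4, 17) else "FAIL"
        lines.append(f"2000-01-01T02:00:{i:02d}Z 203.0.113.7 user{i:03d} {result}")
    # One user mistypes twice, then logs in: a single account, not flagged.
    for sec, result in enumerate(["FAIL", "FAIL", "OK"]):
        lines.append(f"2000-01-01T09:00:{sec:02d}Z 198.51.100.20 alice {result}")
    # Shared gateway: many accounts but all succeed, so the ratio test clears it.
    for i in range(12):
        lines.append(f"2000-01-01T10:00:{i:02d}Z 192.0.2.10 staff{i:02d} OK")
    return lines

if __name__ == "__main__":
    for ip, accounts in find_stuffing_sources(build_sample_log()).items():
        print(f"block {ip}; review accounts: {', '.join(accounts)}")
```

A per-IP threshold catches only attempts concentrated on a few addresses; attempts spread across many sources need additional signals, such as the overall failure rate or logins from unfamiliar networks.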
A Starbucks representative explained, "To prevent recurrence, we have blocked the app screen capture function on Android smartphones and plan to block the app screen capture function on iPhones soon," adding, "This measure is to prevent capturing and sharing the app's barcode with others."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.


