A recent Singaporean Starbucks compromise led to the data of 330,000 users being sold online for just $3,500. Customers that had their data compromised received a recent email from the company.
Customer Data from Starbucks Singapore was Spotted Listed on an Online Forum Since Sept 10
According to the story by The Straits Times, they were able to find that the data that resulted from the breach was put up for sale on an online forum. The data was reportedly up for sale since Sept 10.
A spokesperson from Starbucks Singapore responded to inquiries regarding when the database was hacked, saying they were aware of the data breach only on Sept 13. This meant that the data breach continued unnoticed for at least three days, but it could be more.
Email from Starbucks Singapore Assures Victims Their Credit Card Data was Not Compromised
The Singapore Starbucks spokesperson also noted that the affected customers were the ones that had accounts and made transactions through its online store or app. As seen in the email, customers were informed that their credit card data had not been compromised.
The email assured customers that their credit card info was not compromised due to the company not storing that particular data. The note also ensured that info pertaining to the customer loyalty program also remained intact.
Starbucks Singapore is Fully Cooperating with the Authorities Regarding the Situation
This included information like stored values, rewards, and even credit that the customer was able to build over time. The spokesperson noted that they have immediately taken the needed steps in order for them to be able to protect the information of the customer.
The spokesperson also announced that they are fully cooperating with the authorities in order to investigate the issue. A Personal Data Protection Commission spokesperson responded to the queries of ST regarding the incident.
Data List was Selling for Just $3,500 Online
The spokesperson announced that they are investigating the issue and have already reached out to Starbucks to gather more information. A copy of the database, including the users' data, has already been sold, as of press time, at a listed price of $3,500, with four copies reportedly left being listed.
Kevin Reed, the chief information security officer for a cyber-security firm called Acronis, gave a caution to individuals that were affected, saying they should watch out for scam or phishing attempts over the span of the next few weeks.
Cybersecurity Expert Gives Advice on What Victims Should Do
He noted that his advice to those that have received an email from Starbucks regarding their data being leaked should "scrutinize any correspondence they receive from strangers or organizations."
The researcher announced that the hackers could use the user's personal information to make themselves seem trustworthy. In certain instances, users will reportedly be asked for a one-time password.
Related Article: Uber Security Breach: Hacker Claims to Access its Internal Systems
This article is owned by Tech Times
Written by Urian B.