The widely coveted global beverage chain, Starbucks, has recently reported a cyberattack incident in its Singaporean division that affected more than 219,000 customers. According to reports, a threat actor first posted on the dark web on September 10, selling Starbucks’ database that contained about 219,675 customer data.
To verify the uploaded database, a threat actor named ‘pompompurin’ said that the samples carry substantial proof that proves their authenticity. Moreover, Starbucks Singapore also confirmed the claims of the unknown hacker as they began sending out notification letters to all affected customers.
In the threat advisory, Starbucks Singapore detailed which data were compromised because of the recent cyberattack.
As listed by Starbucks’ Singaporean division, the data impacted by the breach are customers’ full names, genders, birthdates, contact details, email addresses, and residential addresses. Although the advisory stated that the data breach only affected Starbucks mobile app users for order placing, it is still critical for all customers to monitor their accounts and report any suspicious activities using their data.
Aside from the Starbucks mobile app users, the cyberattack also affected the beverage chain’s website users to order from their menu from any of their establishments within Singapore.
Customers are relieved that the incident does not impact their banking information after Starbucks clarified that they do not store such sensitive data on their systems. However, all customers must still be cautious and reset their passwords immediately.
On the other hand, the hackers that posted the database on the dark web claimed that they had already sold one copy of it to another threat actor for $3,500. They also added that they still accept at least four more buyers of the Starbucks database copies for the same price.
As more hackers get ahold of the compromised database, the chance of Starbucks customers being victimised becomes high. Security experts look at some notable cyberattack methods possible to happen, including phishing, identity fraud, and social engineering attacks.
Since the cyberattack incident of the Starbucks Singapore division has been confirmed, all customers have been exposed to security risks. While the beverage chain does proper incident mitigation response, users should also do their part in securing their accounts while the hackers have yet to exploit them.