Hackers started selling the stolen details of 219,000 customers of Starbucks Singapore over various hacking forums…
It has been officially confirmed that more than 219,000 customers of the Starbucks Singapore branch were affected by a data breach incident. On September 10, a threat actor on a famous hacking forum advertised the sale of a database containing personal information for 219,675 Starbucks customers, which served as the first indication that they had been compromised.
"pompompurin," the proprietor of the hacking forum, entered the conversation to support the validity of the stolen material, claiming that the offered samples contain sufficient proof of authenticity.
Yesterday, Starbucks Singapore mailed out letters informing consumers of a data breach and indicating that personal information such as names, email addresses, and physical addresses may have been compromised.
Starbucks has 125 locations in Singapore, but only customers who have placed orders using the app or made purchases through the website have been affected by the recent security incident. The American coffee shop has issued a statement stating, "We are aware of the unauthorized behavior affecting a small number of customer accounts in Singapore and are working with our licensed operator in the market to secure client information."
A spokeswoman for Starbucks further elaborated on this issue to local media sites, where the data breach was verified once again.
Moreover, Starbucks does not keep financial data such as credit card numbers, thus there was no risk of any such information being stolen. Starbucks Singapore also advises its consumers to change their passwords and be on the lookout for unusual activity, even though the company has found no evidence that account passwords, Rewards memberships, or credits have been compromised.
On hacking forums, a data seller claims to have sold one copy of the stolen data for $3,500 and is willing to sell at least four additional copies to prospective customers.
The purpose of this restriction is to artificially maintain a high value for the data being given, as doing so would reduce its worth if sold to several threat actors due to the increased likelihood of many simultaneous attacks.
Customers in Singapore are more likely to fall victim to phishing, social engineering, and scams if Starbucks continues along this path.
Intruders could create their own coupon codes, alter pricing plans, and more when the hacker gave access to the admin panel for $25,000.
Unfortunately, at some time, we lost access to the administrative dashboard, thus we had to rescind the transaction and are now only offering the data in the database. Safeguards in place at Starbucks, as at any other big shop, allow for continual monitoring of fraudulent behavior, which in this case allowed for the quick discovery of unauthorized conduct. Customers are urged to increase the safety of their personal data by not reusing passwords across numerous sites, especially those that include financial data.