

Hackers are draining bank accounts via the Starbucks app - kaa2102
http://cnnmon.ie/1PjRcRy

======
kaa2102
This is a little mysterious because none of the articles have addressed the
exact vulnerability that enables thieves to do this. I've heard a news report
suggest "changing your password". This is curiously interesting.

~~~
fr0sty
By my reading of the article the attacker gains access to user's Starbucks
account, adds another card and transfers money to it. It doesn't appear to
involve the mobile app at all.

The real problem seems to be with the lack of rate-limiting of the auto-reload
feature.

