Security flaw found in Starbucks gift cards
OTTAWA (KGO) -- A Canadian man claims to know about a substantial security flaw involving mobile telephones and Starbucks gift cards.
Starbucks customer Chris Ewing told CTV Canada that the 16-digit pin number found on the back of unactivated gift cards at the register can be entered into the Starbucks app to generate a barcode. That barcode can later be scanned by baristas in place of the physical card when buying items at Starbucks.
The flaw is the card doesn't need to be activated right away in order for a barcode, known as a Quick Reference code, to be generated by the application, meaning once the card is activated, a thief could use the already-generated QR code on his or her phone to make purchases.
Starbucks gift cards contain PIN numbers that are hidden on the back, but the PIN number doesn't need to be used at the register when paying for beverages through the mobile QR code.
CTV reports it was able to replicate the issue when the station purchased a gift card for its story.
Possible fixes include placing the gift cards behind the counter where customers can't readily access them until purchased, or only allowing the Starbucks app to generate barcodes for cards that have been activated by a cashier.
starbucks, holiday, technology
- Missing fisherman's body recovered after accident
- SF officer hurt in crash with armed robbery suspects
- Bay Area man survives avalanche on Mount Everest
- More bodies found inside South Korean ferry
- A's score 3 in 9th, rally past Astros 4-3
- Elderly woman beaten, robbed in Santa Cruz
- 2 men injured in separate shootings in East Oakland
- Woman travels to Vegas to celebrate 103rd birthday
- Hundreds paddle out for surf icon Hobie Alter
- $14M awarded in suit linking contraceptive, stroke
- Sacramento Co. sheriff seeks surveillance footage
- CHP officer struck by hit-and-run driver on Highway 101
- Minimalists find happiness living with less
- weather: Bay Area weather forecast for Sunday