Starbucks acknowledged the problem on Wednesday, but said the thefts weren't related to the app, blaming them on weak password protection by customers.
"Like all major retailers, the company has safeguards in place to constantly monitor for fraudulent activity and works closely with financial institutions," the Seattle-based coffee company said in a statement.
The app lets consumers pay for drinks and food through their mobile phone. It can also reload Starbucks gift cards by drawing funds from a bank account, credit card or PayPal.
Hackers have found a way to get into the app, buy a new gift card and transfer the funds to themselves.
Consumers in several areas of the U.S. have reported getting several emails from Starbucks in the space of five minutes that tell them their Starbucks gift card had been successfully loaded. It took only a short time for thieves to siphon hundreds of dollars from their accounts.
Although the repeated emails alerted consumers that something was wrong, they were unable to stop the transfers.
In at least one case, the consumer cancelled the app and started paying with a debit card or old-fashioned cash to defeat the hackers.
Consumers urged to change passwords
About 16 million people use the Starbucks mobile payment system. The app is important to the coffee chain because it enhances customer loyalty.
Starbucks emphasized that customer information has not been stolen from its app. It urged customers to use different passwords and log-on details for other internet accounts as hackers were stealing their information from other sites.
"If a customer believes their account has been subject to fraudulent activity, they are encouraged to contact both Starbucks and their financial institution immediately. Customers are not responsible for charges or transfers they did not make. If a customer's Starbucks Card is registered, their account balance is protected," read the Starbucks statement.
The hacking scheme is part of a new trend in fraud – targeting alternate payment systems that are often easier to break into than bank security systems.Suggest a correction