What?! 200000 Starbucks customer information leaked?!

Professional coffee knowledge exchange more coffee bean information please follow the coffee workshop (Wechat official account cafe_style)

For more boutique coffee beans, please add private Qianjie coffee on Wechat. WeChat account: qjcoffeex

The data of about 200000 Starbucks customers in Singapore have been leaked, and Starbucks customer information has been sold on online forums since Sept. 10, with one containing customer profile sold for S $3500, Singapore's Lianhe Zaobao reported. It is not clear how many shares have been bought.

Affected customers received an email from Starbucks on Sept. 16 saying that their personal information had been compromised. In the email, Starbucks said that "according to our security data practices, Starbucks in Singapore will not store customers' credit card information, please rest assured that customers' credit card information will not be affected."

Starbucks said it had taken additional measures to protect customer information, adding that all stored values, rewards and points that Starbucks rewarded members remained intact.

A spokesman for Starbucks of Singapore confirmed to Lianhe Zaobao that the company learned on September 13 that customers' personal data had been leaked. These customers are e-commerce customers who have registered with Starbucks and have previously completed transactions through Starbucks apps or online stores.

The spokesman said: "upon receiving the news, we immediately took the necessary measures to protect our customers' personal data. We have notified the affected customers by email and are fully cooperating with the investigation."

According to network data, a key was previously exposed on the GitHub backstage of Starbucks, which allows an attacker to access the internal system and change the list of authorized users. The severity level of the vulnerability is set to Critical because the key allows the attacker to access Starbucks' API (application programming interface).

A "cyber hacker" named Kumar discovered and reported the vulnerability. In addition to telling Starbucks which GitHub repository it was from to find the file containing the key, Kumar also provided code to demonstrate what damage an attacker could do with the key.

Three weeks after the report, Starbucks responded that "the vulnerability involved'a large amount of sensitive information 'and the reporter received a reward of $4000, the repository has been deleted and the key has been replaced." This can be said to be the highest reward for major loopholes at Starbucks. Generally speaking, the reward for Starbucks vulnerabilities is between $250 and $375.

Now the speed of social development is getting faster and faster, the digital era is in line with the trend of social development, with the advent of the cloud era, big data has also attracted more and more attention. According to data, in recent years, there have been many large-scale security incidents of data leakage, a total of nearly hundreds of millions of people's personal files have been leaked, resulting in economic losses difficult to estimate.

For a long time, businesses have adopted a variety of protection measures on their products, including security locks, smart cards, fingerprint identification, file encryption and so on.

In fact, we all know that these protective measures can only prevent data theft to a certain extent, not 100%. For "intentional" thieves, these methods still can not stop their evil hands. This time, the cause of the Starbucks data leak has yet to be officially answered.

A Starbucks spokesman stressed that Starbucks attaches great importance to the security of customers' personal data and will continue to spare no effort to protect customers' personal data. A spokesman for the personal data Protection Committee confirmed when asked that the authorities were investigating the incident and had asked Starbucks for more details.

Photo Source: Internet