Leave a comment

Another Starbucks bug! But this one pays YOU, not hackers

Another Starbucks bug! But this one pays YOU, not hackers
Photo courtesy of SHUTTERSTOCK

Remember when I told you all about how hackers have found a way to break into Starbucks gift cards without even knowing account numbers? It turns out, they can access the gift cards, take money off of them so the gift card balance reaches $0 and then access your bank account to reload your Starbucks card. Click here to read all about that incident.

This new twist reported over the weekend is the exact opposite - it could pay you! Ok, maybe not really pay you, but a security researcher found a flaw that let him put money on his Starbucks gift card ... money that appeared out of nowhere.

Security researcher Egor Homakov discovered a "race condition" bug inside Starbucks' payment system. The flaw allowed him to change the way money transactions are handled and made money appear from thin air. He explains the process in detail on his blog. Click here to check it out.

By exploiting a "race condition" bug on Starbucks.com, a common type of vulnerability for websites that handle money like Starbucks does, Homakov was able to change the way Starbucks.com handled transactions to end up with money from nowhere in his own account.

To test and see if this could actually be, he put $20 of the free money on two accounts, headed to the nearest Starbucks and bought himself lunch. Here's his reciept:

sbcheck

Next page: Find out what happened next.
Find out what Facebook says about you
Previous Happening Now

Find out what Facebook says about you

How the HUGE cable merger will affect YOU
Next Happening Now

How the HUGE cable merger will affect YOU

View Comments ()