If you use the Starbucks app with a linked credit card to pay for java with your phone, now would be a good time to change your account password. The Seattle-based coffee company confirmed Wednesday that some of its customers had funds withdrawn from the credit card linked to the app without their knowledge.
However, Starbucks says that the hack does not expose any personal data nor does it affect payments with the Apple Watch. The company has yet to issue a patch for the vulnerability, instead deflecting blame towards its customers (and their poor password choices) for instigating the issue. As such, app users would do well to unlink their credit card, then change the account password before relinking it. Or maybe just pay with cash next time.
Update (5/18): As laid out in the statement from Starbucks, and explained by security researcher Brian Krebs, it does not appear that the Starbucks app or system has been hacked. The problem mostly stems with reusing passwords, and that one's Starbucks account is linked directly to their payment card. The coffee company claims that as long as your card is registered, the account balance is protected and you should contact the company. As always -- unique passwords are your friend.