Starbucks blaming passwords, victims doesn’t fix the problem; burning questions about attack remain
As I pointed out in reporting on Starbuck’s response to Bob Sullivan’s disclosure of a breach involving the mobile app accounts, not everyone would find their explanation and response satisfactory. Today, Bob Sullivan fired back:
Since I broke news of the Starbucks mobile pay / gift card /credit card attack last Monday, there has been some confusion about what the real risk is, who is to blame, and how to fix the problem. This is not unusual when a security issue arises with a large company that’s not offering a lot of detail about what’s going on.[…]
Starbucks actually never denied that intruders had hijacked consumers accounts, and anyone can find victims complaining about just that with a few moment’s work, but some journalists seemed eager to clear Starbucks of any culpability in the issue. That’s unfortunate, because my email this week makes it clear that plenty of Starbucks customers are pretty angry at the way this issue has been handled, and many of them don’t appreciate being blamed for having their money stolen after they placed their trust in Starbucks.
Read more on BobSullivan.net.