Hacker Steals and Sells Customer Data for Singapore Starbucks

On September 10th, 2022, a sale of compromised Starbucks database in Singapore containing customer data was posted in the hacking forum BreachForums. The database contains 553,198 records, affecting approximately 219,675 Starbucks customers who have made transactions with Starbucks through the beverage company's mobile application or online store. The hack exposes customer data pertaining to their application user ID, date of birth, phone number, residential and email addresses. Starbucks Singapore confirmed the breach and notified affected customers. After and assessment Starbucks found the breach did not affect customers’ financial details and any store value rewards. Despite the breach not affecting customer login credentials, Starbucks urges customers to reset credentials. The threat actor is selling the compromised data for $3,500 and has already completed a transaction with one buyer. The data remains available for sale to four additional buyers.

‍