Criminals were able to steal up to $115 in few seconds.
Starbucks has confirmed that is the latest victim of cybercrime, confirming criminals are hacking into individual customer rewards accounts and stealing hundreds of dollars.
The vulnerability was found in the Starbucks app, which is linked to the user’s bank account, credit card or PayPal.
Using the app users can make payment for purchases and can reload Starbucks gift cards through the app.
Hackers broke into the app and used the auto-reload function, then added a new gift card, transfered funds over, and repeated the process when the original cards were reloaded.
Revealed initially by consumer journalist Bob Sullivan, he said that the fraud is a serious issue as the coffee giant processed $2bn in mobile payment transactions last year, and one in every six transaction is being done by the Starbucks app.
Starbucks said: "The company has safeguards in place to constantly monitor for fraudulent activity and works closely with financial institutions.
"To protect the integrity of these security measures, Starbucks will not disclose specific details but can assure customers their security is incredibly important and all concerns related to customer security are taken seriously."
The company is also asking customers to change their passwords and review bank statements for suspicious activities.