What every CSO should be doing now about the Starbucks potential hack
I would strongly recommend that you put out a brief message that states the issue, without the hype, and what your users should be doing in response. Below is a sample message:
The security department realizes that many employees use the Starbucks mobile app and are hearing a great deal of hype surrounding a potential security compromise. We researched the issue, and while it is not formally confirmed that there was an actual compromise, we recommend that you take the following actions:
Be aware of potential phishing messages taking advantage of the hype. Go directly to www.starbucks.com to access your account and do not follow links in email messages.
Whether or not you have a Starbucks account, this is a great reminder to just practice good computer security. This includes always using strong passwords, never reusing a password on multiple accounts, and changing passwords frequently.
Please feel free to contact us with any questions.