Hacker Warns Starbucks of Security Flaw, Gets Accused of Fraud
Andy Smith writes: Here's another company that just doesn't get security research. White hat hacker Egor Homakov found a security flaw in Starbucks gift cards which allowed people to steal money from the company. He reported the flaw to Starbucks, but rather than thank him, the company accused him of fraud and said he had been acting maliciously.
In the new days, he posts to Sacurity and 5000 bored coders implement his hack for the hell of it.
They start with $100 gift cards and double their money.
Starbucks is out half a million dollars on the first day. The second day it's 5x that.
Since it's a Saturday, this goes on until Monday, 11am Pacific time. Emergency meetings are held but the hole can't be plugged overnight.
Total loss to the company is about $5 million by Wednesday afternoon.
more proof that responsible disclosure is foolish unless you are dealing with an organization you already have a solid IT/security relationship with.
in any other situation, just post the exploit kit anonymously and make a bowl of popcorn
Snowden and Manning are heroes.
Looks like we need a security wall of shame that lists the response to flaw disclosures of each organisation, so people can quickly determine which companies will fix a flaw upon receiving a report, and which companies are hostile and should not be contacted.