Learn how Starbucks combats credential stuffing & account takeover (ATO)

Learn how Starbucks combats credential stuffing & account takeover (ATO)

Many thanks to the great folks at Shape Security, who have sponsored my writing for the last week.

“These are not kids in mom’s basement attacking us.”

Nearly five million people around the globe buy Starbucks coffee from their mobile app every single day. Forty percent of those purchases are paid using Starbucks’ gift card/stored value system, making the app a ripe target for account takeover (ATO).

Starbucks was one of the first enterprises to identify the growing threat of credential stuffing and mass ATO attacks. The security team tried using WAFs and CDN-provided bot solutions, but found those methods were no match for ever-evolving attackers.

Watch Shape’s discussion with Starbucks to learn how the two companies partnered to help combat ATO and hear answers to questions including:

  • How have attackers evolved at Starbucks over the past three years?
  • How can we leverage a collective defense to turn the tide on attackers?
  • How does Starbucks balance security with user friction?

Learn more now!

Shape Security is defining a new future in which excellent cybersecurity not only stops attackers, but also reduces friction for good customers. Shape disrupts the economics of cybercrime by making it too expensive for attackers to commit online fraud, while also enabling enterprises to more easily transact with genuine customers.

The Shape platform, covered by 55 patents, stops the most dangerous application attacks enabled by bots and cybercriminal tools, including credential stuffing (account takeover), fake account creation, and unauthorized aggregation.


If you’re interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET EMAIL UPDATES