Skip to main content

Research Repository

Advanced Search

Apple and Starbucks could have avoided being hacked if they'd taken this simple step

Buchanan, William J



Apple and Starbucks are two of the world’s most trusted companies, but their reputations were recently tarnished thanks to some novice cybersecurity mistakes. Both setup systems that could have allowed hackers to break into customers' accounts by repeatedly trying different passwords, a procedure commonly known as a “brute force” attack. The mistake both firms made was in not employing the simple tactic of automatically locking accounts after several failed attempts to enter a password. Last week it was revealed such tactics allowed thieves to steal money from users of Starbucks' mobile app. In 2014, an investigation around the publishing of nude photos of celebrities taken from their iCloud storage accounts, identified that intruders could access Apple’s Find My iPhone app by continually trying different login details. In order to protect against this type of attack, many sites block login after a given number of incorrect attempts. The system can then go into a permanent lock-out mode (where the user must perform a lock-out procedure, such as calling the hosting company to verify their account), or lock out for a given time (known as the hold-down time).

Publication Date May 19, 2015
Deposit Date Aug 7, 2015
Publicly Available Date May 15, 2017
Keywords Apple; Starbucks; cybersecurity; brute force attack; password lockout;
Public URL


You might also like

Downloadable Citations