
An attacker group claims to have snatched data from Starbucks AWS cloud storage and is demanding $500,000 from the company. However, our research team believes that the claims don’t carry much weight.
- Hacker group Shadowbyt3$ demanded $500,000 from Starbucks for alleged data breach involving source code.
- Security researchers found no credible evidence linking leaked data to Starbucks, only smoothie pictures and generic screenshots.
- Starbucks previously suffered confirmed breach in March affecting 900 employees through compromised HR platform via phishing attack.
The malicious gang Shadowbyt3$ posted alleged Starbucks data on its dark web blog, claiming that it breached the American coffeehouse chain in early April.
The hacker group claims it accessed the company’s Amazon Web Services (AWS) Simple Storage Service (S3) bucket and retrieved production ("prod") data. Production servers typically host the environments where live systems are running.
“Starbucks failed to reach out to us and didn’t pay even $500,000 when we know they can afford it. It’s not that much we were asking for,” the attackers said in their dark web post.
We have reached out to Starbucks for comment and will update the article once we receive a reply.
Meanwhile, our research team investigated the data that the attackers shared. According to the team, Shadowbyt3$ shared a dataset as proof of the supposed Starbucks data breach.
However, the data mostly includes screenshots of folder contents. Other samples indicate the attacker may have access to the source code of a web application, but the team did not observe any links or indications that it belongs to Starbucks.
Losing source code could spell bad news for any company. For one, aggressive competitors or threat actors could scour the source code for vulnerabilities that would let them penetrate deep into the company’s systems.
However, the team believes the Shadowbyt3$ claims lack adequate proof.
“Other than that, there are a few smoothie pictures that look like they're from a random coffee chain, and a screenshot of a folder named Starbucks_stolen_data. From what’s included in the data sample, attacker claims do not appear too credible at the moment,” the team explained.
Shadowbyt3$ first announced the Starbucks data breach on April 1st, 2026, alleging that it got its hands on at least 10GB of data, including beverage machine firmware, global managing tools, and source code.
While the attackers set a deadline for the company to pay by April 5th, it took them over a month to leak the alleged Starbucks data.
If confirmed, the Shadowbyt3$ breach would be the second time Starbucks has been forced to deal with data security issues. In March, the company reported a data breach impacting hundreds of employees after attackers gained access to an internal HR platform via phishing.
A data breach notification from Starbucks said that cybercriminals had accessed its Partner Central accounts system between January 19th and February 11th, allowing unauthorized actors to access the personal details of over 900 individuals.
In 2024, Starbucks was affected by a supply chain attack after one of its technology partners, Blue Yonder, was hit by ransomware just before Thanksgiving.
A Starbucks branch in Singapore also disclosed a data breach in 2022 that affected more than 219,000 customers.
Starbucks employs more than 380,000 people worldwide and operates nearly 41,000 locations across 88 countries, with a revenue exceeding $37 billion.