I woke up to five "We auto-reloaded your card" e-mails from Starbucks overnight. They hit me for $500. They used my Starbucks card (linked to my debit card, set to auto-renew by adding $100 when the balance was low) to purchase email gift card codes in multiples of $25. Canceled my Starbucks card, canceled my debit card, filed a police report. The investigator determined that the codes were sent to a generic e-mail account in Canada, and that was the end of it. The bank was good and put the money back right away. They also changed my debit card number. Starbucks sent me a new card but they never quite fixed the "reload online" part (not auto-reload, which I disabled), so I can only reload in a store, which I'm OK with. Had I known it was going to be that easy for them to hack me, I would have never used auto-reload or had it save my credit card.