An oversight by Starbucks exposed one of its subdomains to a takeover threat. A security researcher found that a Starbucks subdomain had a DNS pointer to an Azure cloud host that had been abandoned. The problem is that anyone registering the cloud host would receive data intended for the subdomain. An attacker could use the Starbucks subdomain to carry out XSS and session hijacking attacks. The issue was discovered on August 1 by a Berlin-based hacker and reported to Starbucks through its bug bounty program on the HackerOne platform.
Source: https://www.bleepingcomputer.com/news/security/starbucks-abandons-azure-site-exposed-subdomain-to-hijacking/
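
A defender-side audit for the condition described above, as an added example that is not from the original article: it scans an export of your own zone for CNAME records pointing at cloud-host names that no longer resolve. The Azure suffix list, the `example.com` records and the resolver stub are assumptions constructed for illustration.

```python
import socket

# Assumption: suffixes of Azure-hosted names commonly used as CNAME targets.
# Extend this tuple for the providers your organisation actually uses.
CLOUD_SUFFIXES = (".azurewebsites.net", ".cloudapp.net",
                  ".cloudapp.azure.com", ".trafficmanager.net")

def system_resolves(hostname):
    """Return True if the hostname currently resolves to at least one address."""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False

def find_dangling_cnames(records, resolves=system_resolves):
    """Return [(name, target)] for CNAMEs aimed at cloud hosts that no longer resolve.

    records:  iterable of (name, rtype, value) tuples exported from your own zone.
    resolves: callable(hostname) -> bool, injectable so the audit can run offline.
    """
    findings = []
    for name, rtype, value in records:
        if rtype.upper() != "CNAME":
            continue
        target = value.rstrip(".").lower()
        if not target.endswith(CLOUD_SUFFIXES):
            continue  # not a cloud-hosted target, out of scope for this check
        if not resolves(target):
            findings.append((name.rstrip(".").lower(), target))
    return findings

# Constructed sample zone export (example.com names are placeholders).
SAMPLE_ZONE = [
    ("www.example.com.", "A", "203.0.113.10"),
    ("shop.example.com.", "CNAME", "example-shop.azurewebsites.net."),
    ("promo.example.com.", "CNAME", "example-promo-2019.azurewebsites.net."),
    ("mail.example.com.", "CNAME", "mail.example.net."),
]
# Constructed resolver state: only the still-provisioned cloud host answers.
LIVE_HOSTS = {"example-shop.azurewebsites.net"}

def sample_resolver(hostname):
    return hostname in LIVE_HOSTS

if __name__ == "__main__":
    for name, target in find_dangling_cnames(SAMPLE_ZONE, sample_resolver):
        print(f"DANGLING: {name} -> {target} (remove the record or re-provision the host)")
```

Resolution failure is only one signal; comparing CNAME targets against your cloud resource inventory catches records whose target still resolves but is no longer yours.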

