My guess would be that someone wrote a script to figure out the pin number. Starbucks pin is just 8 random digits. There is no captcha if you put an incorrect pin. One should be able to figure out the pin pretty quickly like this. Once you have the pin you can transfer the money onto your own account or write a script to automate the process.
They either guessed or brute forced it. Both of which are essentially illegal computer hacking.
I don't know about you, but I'm not going to do business with someone (here the Founder of Freshplum) if they enjoy hacking credit accounts in their free time.
His reason for doing so is so poor that I worry about his ethics in other affairs.
But he specifically mentioned having to physically be at the Starbucks. Why would he do that if he had cracked the PIN? I think there's a way for them to transfer from one card to another, physically at the stores POS system. Can't think of anything else.