Dunkin’ Donuts becomes the latest victim of credential stuffing cyber attack

The company was informed about the attack by one of its security vendors. Following the discovery of the attack, the firm enforced password resets to protect the DD Perks account holders’ accounts.

Dunkin’ Donuts was hit by hackers recently . The fast food chain has notified its ‘DD Perks’ customers that hackers may have gained access to their account profiles and personal data last month. The unidentified hackers carried out a credential stuffing attack to obtain access to users’ account information.

The company came to know about the attack from one of its security vendors. It is still unknown as how many customers have been affected in the breach.

“Third-parties who obtained DD Perks account holders’ usernames and passwords through other companies’ or organizations’ security breaches may have used this information to log into certain DD Perks accounts if the account holders used the same username and password for unrelated accounts,” a spokesperson from Dunkin’ Donuts told ZDNet. “These individuals then used the usernames and passwords to try to break into various online accounts across the internet.”

ZDNet reported that the information which may have been accessed by the hackers could include customers’ first and last names, email addresses, 16-digit DD Perks account numbers and DD Perks QR codes. Following the discovery of the attack, Dunkin’ has forced a password reset to protect the DD Perks account holders’ accounts.

“Dunkin’ enforced password resets that required potentially impacted DD Perks account holders to log out and log back into their account using a new password. To protect their security, guests are encouraged to change their passwords on a regular basis,” said Dunkin’ said in a statement, Fox61 reported.


Credit: https://cyware.com/news/dunkin-donuts-becomes-the-latest-victim-of-credential-stuffing-attack-859a191e