Dunkin Donuts Resets Passwords After Enduring Credential Stuffing Attack

For all donut lovers out there, it’s time to reset your account passwords if you have been a customer of Dunkin Donuts. Allegedly, after facing a cyber attack, Dunkin Donuts reset passwords of its users’ accounts out of an abundance of caution. Fortunately, the company did not suffer any data security breach. However, the credential stuffing attack clearly shows that the hackers already possess users’ accounts login details.

Dunkin Donuts Reset Passwords After Credential Stuffing

As disclosed recently by the Dunkin Brands Inc, the firm has endured a cyber attack affecting its customers’ accounts. The company came to know of an alleged credential stuffing attack from one of its security vendors. After knowing the incident, Dunkin Donuts reset passwords of DD Perks accounts as a security measure.

According to their vendor, the breach may have occurred via third party sites where the DD Perks customers might have used the same login credentials. The attack was noticed after a third-party attempted to log in to certain accounts. As explained in their security notice,

“On October 31, 2018, we learned from one of our security vendors that a third-party may have attempted to log in to your DD Perks account. We believe that these third-parties obtained usernames and passwords from security breaches of other companies. These individuals then used the usernames and passwords to try to break into various online accounts across the Internet.”

Regarding the breached information, Dunkin states that it depends on the extent of information contained in affected DD Perks accounts. Nonetheless, the attackers may have accessed the customers’ names, usernames, email addresses, DD Perks 16-digit account numbers, and QR codes.

Security Steps Taken To Protect Accounts

Dunkin confirms that the attack remained confined to users’ credentials only. The company’s internal security systems remained safe, ensuring no data breaches. Nonetheless, to prevent such happenings in the future, the firm has forced password resets for DD Perks accounts. Besides, they have also taken the necessary steps for assuring accounts’ security.

“We also have taken steps to replace any DD Perks stored value cards with a new account number, but retaining the same value that was previously present on those cards. We also reported the incident to law enforcement and are cooperating with law enforcement to help identify and apprehend those third-parties responsible for this incident.”

In addition, the company also urges its customers to create “unique passwords for their DD Perks accounts” that they do not use elsewhere.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients