Explore the latest news and trends  

Sign up for our weekly security newsletter


Be the first to receive important updates on security





Send

Credential Stuffing Attack may have led to Hacking of Dunkin’ Donuts Accounts

 

Customer data of Dunkin' Donuts got hacked in credential stuffing attack. Dunkin' Donuts announced on the evening of November 27 (i.e. Tuesday), 2018, that data breach in the month of October this year might have led to compromised personal information of customers'.

 

Dunkin' Brands Inc. posted an advisory on its website on October 31, 2018, which said that a malicious actor tried to access the first names and the last names of the customers, their email ids along with the account information for the DD Perks, rewards program of Dunkin Donuts'. The account information for the DD Perks included DD Perks 16-digit account number and QR code. The donut giant has forced the affected DD Perks account holders to reset their passwords, which means they have to log out and log in back again by using new password.

 

As per Dunkin Donuts', the hacker might have obtained the usernames and passwords of the customers from the security breaches of various other companies. The company added that the hacker then tried using those usernames as well as passwords to other different online accounts through widespread automated login requests - method also called as credential stuffing.

 

The company issued a statement, which said, "although Dunkin' did not experience a data security breach involving its internal systems, we've been informed that third-parties obtained usernames and passwords through other companies' security breaches and used this information to log into some Dunkin' DD Perks accounts".

 

Dunkin' Donuts said that although their security vendor has successfully stopped most of the attempts, but still there is a possibility that the hacker might have succeeded to login in a few DD Perks accounts.

 

This kind of an incident points towards the fact that different account should have different passwords. Vice President of customer success, NuData Security, Ryan Wilk, says that just asking the customers to change the passwords is not the mere solution to the problem; it is just a temporary solution. As per him, "one effective way to stop this type of attack is to implement security solutions that detect this sophisticated automated activity at login and other placements. By using technologies that include behavioral biometrics, automated activity is flagged at login before it can even test any credentials in the company's environment".

» SPAMfighter News - 12/19/2018

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page
Next