Hackers Breach Dunkin’ Donuts Accounts

On Tuesday, Dunkin’ Donuts posted an advisory on its website regarding a credential stuffing attack on the company's data.

What Does Credential Stuffing Mean?

Credential stuffing is a type of attack in which user credentials obtained by breaching one system are then tried against other systems. Like related attacks, credential stuffing relies on attackers being able to get into a network and extract sensitive user information such as usernames and passwords.

Dunkin’ Brands Inc. advisory letter.

Dunkin’ Brands Inc. (“Dunkin’”) is writing to provide you with information regarding a recent
incident involving your DD Perks account. Although Dunkin’ did not experience a data security
breach involving its internal systems, we’ve been informed that third-parties obtained usernames
and passwords through other companies’ security breaches and used this information to log into
some Dunkin’ DD Perks accounts. One of these may have been your account and we want you
to know what happened, as well as the steps we are taking to protect your personal information.

What Information Was Involved?
The information involved depends on what you had in your DD Perks account.
Information these third-parties may have been able to access includes:
– Your first and last names,
– Email address (username), and
– Your 16-digit DD Perks account number and your DD Perks QR code

What We Are Doing
We immediately launched an internal investigation and have been working with our security
vendor to remediate this event and to help prevent this kind of event from occurring in the future.
As you know already, we forced a password reset that required all of the potentially impacted DD
Perks account holders to log out and log back in to their account using a new password. We also
have taken steps to replace any DD Perks stored value cards with a new account number, but
retaining the same value that was previously present on those cards. We also reported the incident
to law enforcement and are cooperating with law enforcement to help identify and apprehend
those third-parties responsible for this incident.

What You Can Do
As always, we strongly recommend that our guests create unique passwords for their DD Perks
accounts, and do not reuse passwords used for their other unrelated online accounts. In addition,
attached please find “Information about Identity Theft Protection.” It includes steps you can take to help
protect yourself against identity theft.

For More Information
If you have questions or concerns, please refer to dunkindonuts.com or call Consumer Care at
800-447-0013 during the following hours: Monday-Friday between 7AM and 7PM EST.

Sincerely,
Customer Relations
Dunkin’ Brands
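
The login pattern described above, reused credentials tried against many accounts, can be spotted in authentication logs. The following Python is an added example, not code from Dunkin’ or from the original post: it flags sources that try many distinct usernames with few successes, separates them from single-account brute forcing, and lists the accounts that would need a forced password reset. The event tuple layout, thresholds and function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample login events (not real data): (source_ip, username, success)
SAMPLE_EVENTS = (
    # One source walking a list of leaked credentials: 8 accounts, 1 hit.
    [("203.0.113.7", f"user{i}@example.com", i == 3) for i in range(8)]
    # One source hammering a single account: classic brute force, not stuffing.
    + [("198.51.100.20", "dave@example.com", False)] * 6
    # A legitimate user who mistyped a password once.
    + [("192.0.2.44", "erin@example.com", False),
       ("192.0.2.44", "erin@example.com", True)]
)


def classify_sources(events, min_users=5, min_attempts=5, max_success_ratio=0.2):
    """Label each source IP as credential_stuffing, brute_force or normal.

    Thresholds are illustrative assumptions and need tuning per site.
    """
    stats = defaultdict(lambda: {"users": set(), "attempts": 0, "ok": 0})
    for ip, user, success in events:
        s = stats[ip]
        s["users"].add(user)
        s["attempts"] += 1
        s["ok"] += int(success)

    labels = {}
    for ip, s in stats.items():
        ratio = s["ok"] / s["attempts"]
        per_user = s["attempts"] / len(s["users"])
        low_success = ratio <= max_success_ratio
        # Stuffing: many accounts, only a try or two each, almost all failing.
        if len(s["users"]) >= min_users and per_user <= 2 and low_success:
            labels[ip] = "credential_stuffing"
        # Brute force: many guesses against one account.
        elif len(s["users"]) == 1 and s["attempts"] >= min_attempts and low_success:
            labels[ip] = "brute_force"
        else:
            labels[ip] = "normal"
    return labels


def accounts_to_reset(events, labels):
    """Accounts with a successful login from a flagged stuffing source."""
    return sorted({user for ip, user, ok in events
                   if ok and labels.get(ip) == "credential_stuffing"})


if __name__ == "__main__":
    found = classify_sources(SAMPLE_EVENTS)
    print(found)
    print(accounts_to_reset(SAMPLE_EVENTS, found))
```

A per-IP view misses attacks spread across many proxies, so the same counting is usually repeated per network range or per client fingerprint.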
