Dunkin’ Alerts DD Perks Account Holders That Hackers May Have Accessed Data

Dunkin’, the operator of Dunkin’ Donuts franchises, is alerting DD Perks rewards program account holders that its profiles and data may have been accessed by a hacker in October.

ZDNet, citing the company, reported Dunkin’ wasn’t the victim of a breach — but that it was the victim of credential stuffing attack, which is an automated attack.  “Third-parties who obtained DD Perks account holders’ usernames and passwords through other companies’ or organizations’ security breaches may have used this information to log into certain DD Perks accounts if the account holders used the same username and password for unrelated accounts,” a Dunkin’ Donuts spokesperson told ZDNet. The report noted that Dunkin’ said it was notified about the attack from a security vendor it does business with and said it was successful in stopping “most of these attempts.” It did acknowledge that some login attempts may have succeeded, and thus sent the notification to account holders.

Get the Full Story

Complete the form to unlock this article and enjoy unlimited free access to all PYMNTS content — no additional logins required.

yesSubscribe to our daily newsletter, PYMNTS Today.

By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions.

Δ

ZDNet noted that Dunkin’ didn’t say how many customers were impacted by the breach. Some of the information potentially obtained in the breach includes users’ first and last names, email address, DD Perks account numbers and DD Perks QR codes. Dunkin’ said the attack happened on October 31, and when it learned of it, it forced a password reset to all impacted accounts.  “We also reported the incident to law enforcement and are cooperating with law enforcement to help identify and apprehend those third-parties responsible for this incident,” Dunkin’ said. ZDNet noted that accessing the DD Perks accounts, which are part of the company’s mobile app and let users gain points to receive free or lower-priced products, may seem pointless — but rewards program data is sold over the dark web.

In late September Dunkin’ Donuts announced that it has officially changed its name, and will now be known simply as Dunkin’.

As a result of the change, new branding was unveiled at its Global Franchisee Convention that recognizes its new name and focus on serving great coffee fast, while also embracing Dunkin’s heritage by keeping its signature pink and orange colors and iconic font.