Dunkin’ Donuts security vendors made them aware that the information of their DD Perks customers was accessed by an unknown actor. The number of customers that were affected is not known at this time, however information in the likes of customer’s first and last name, email addresses, DD Perks account numbers and QR codes were comprised. “Third-parties who obtained DD Perks account holders’ usernames and passwords through other companies’ or organizations’ security breaches may have used this information to log into certain DD Perks accounts if the account holders used the same username and password for unrelated accounts. These individuals then used the usernames and passwords to try to break into various online accounts across the internet,” a Dunkin’ Donuts spokesperson told reporters. Since the attack, Dunkin’ has forced password resets in an attempt to protect DD Perks members.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased