PSA: Dunkin’ reports data breach affecting DD Perks accounts

PSA: Dunkin' reports data breach affecting DD Perks accounts

Mods, please keep this in Hot Deals for a while so people can see it before moving it to Deal Talk.

https://www.nj.com/business/2018/…ounts.html

nj.com/business/2018/11/dunkin-reports-data-breach-affecting-dd-perks-accounts.html

Dunkin’ reports data breach affecting ‘DD Perks’ accounts

Dunkin’ customers who have a “DD Perks” account might have had their names and email addresses stolen during a data breach the company formerly known as Dunkin’ Donuts discovered last month.

Hackers obtained the information through other companies’ security breaches and used it to log into some Dunkin’ DD Perks accounts, the company said Wednesday. Account numbers and DD Perks QR code for customers may also have been accessed.

Hackers exploited a vulnerability that impacted “View As”, which lets users see what their own profile looks like to someone else.

Dunkin’ said it learned of the breach Oct. 31 from one of its security vendors, which stopped most of the attempts to access customers’ accounts. It previously also forced customers to reset passwords.

The company didn’t experience a breach of its internal systems.

Anyone with questions can contact Dunkin’ at 800-447-0013.

_____________

You may not have credit data here, but from what I’ve heard, the info gained is used for “Credential Stuffing”. Hackers will use the same email/password combinations on other sites.