Dunkin’ Donuts accounts may have been hacked in credential stuffing attack

From zdnet.com

dunkin-donuts.jpg

Dunkin’, the company behind the Dunkin’ Donuts franchise, has notified owners of DD Perks rewards accounts that a hacker might have accessed their profiles and personal data last month.

The company said it didn’t suffer an actual breach of its backend systems but only fell victim to an automated attack known in the cyber-security field as a credential stuffingattack.

“Third-parties who obtained DD Perks account holders’ usernames and passwords through other companies’ or organizations’ security breaches may have used this information to log into certain DD Perks accounts if the account holders used the same username and password for unrelated accounts,” a Dunkin’ Donuts spokesperson told ZDNet today.

Read more…