After getting hacked three months back, Dunkin’s information security took another hit. Hackers, once again, gained access to an undetermined number of DD Perks user accounts.
What’s more bothersome is that the hackers breached their system through the exact same way they did a few months back. They used a hacking technique that is referred to as Credential Stuffing.
Even though it isn’t a complex kind of attack, it is extremely effective. Generally, hackers will use combinations of user names as well as passwords from their previous data breaches. They will try to use them and see if they work on other websites.
It is very effective, since until this day, an appalling percentage of individual use the exact same password for different websites. That is even if they have user names that have a slight different from one another. The problem is that once a hacker gets access to a DD Perks account, all the details of the user’s profile will be exposed. These include the first name, last name, email address, and well as the code for their DD Perks account.
Although that is not enough to steal anybody’s identity, these details surely has value when they go to the Dark Web, and is most likely being sold there while you are reading this post. Of course, it likewise lets the hackers, or anybody who purchases the account information, to begin using the victim’s DD Perks points, enjoying freebies, and denying all the good things to the rightful owner of the account.
According to a Dunkin’ Donuts representative, "Dunkin' continues to work aggressively in combatting credential stuffing attacks, which have become increasingly prevalent across the retail industry given the massive volume of stolen credentials now widely available online." The spokesperson also said that what happened wasn’t a breach of their system. Obviously, that is a tiny consolation to all account holders whose information has been compromised. Whether you have a big or small business, information security is a much. If you are unsure what to do, talk to an IT consultant for expert assistance.
