If you’re a lover of Dunkin’ Donuts and a frequent customer, you should be aware that their DD Perks program may have been hacked. DD Perks is a loyalty rewards program that’s been in place for a number of years. The company also has a DD Perks app that allows customers to make payments via their smartphones. Now, the company is warning customers that the DD Perks program may have been hacked.
The company has learned that an outside source has gained access to some users account usernames and passwords. Dunkin’ Donuts says the breach gives access to first and last names, emails, DD Perks account numbers and QR codes in the app. The company found out about the security incident on October 31st through one of their security contractors. The company did not disclose the number of accounts affected by the breach.
The hackers used the usernames and passwords to gain access to other online accounts, the company said, adding that its security vendor stopped most of these unauthorized attempts.
The company said it alerted DD Perks program holders who may have been affected and forced a password reset. It also encouraged customers to use “unique passwords” and not to reuse their DD Perks passwords for other online accounts.
The company has an investigation started and says Dunkin’ Donuts internal systems did not suffer any data breach. Dunkin’ Donuts says hackers gained access through security breaches at other organizations.
Here’s a portion of the statement Dunkin’ Donuts released:
On October 31, 2018, we learned from one of our security vendors that a third-party may have attempted to log in to your DD Perks account. We believe that these third-parties obtained usernames and passwords from security breaches of other companies. These individuals then used the usernames and passwords to try to break into various online accounts across the Internet. Our security vendor was successful in stopping most of these attempts, but it is possible that these third-parties may have succeeded in logging in to your DD Perks account if you used your DD Perks username and password for accounts unrelated to Dunkin’