Hackers Hit Dunkin Donuts Accounts For The Second Time - Olmec Skip to main content

Hackers Hit Dunkin Donuts Accounts For The Second Time

By March 7, 2019May 19th, 2022Cybersecurity

America might run on Dunkin’, but the company has just taken another big hit.  For the second time in recent months, hackers have gained access to an unknown number of DD Perks user accounts.

What makes this issue even worse is the fact that the hackers were able to breach the system in exactly the same way they did three months ago.  They used a technique known as Credential Stuffing.

It’s not a sophisticated form of attack, but it is surprisingly effective.  Basically, hackers will take combinations of user names and passwords gleaned from other data breaches and try them to see if any work on other sites.

It’s effective, because to this day, a shocking percentage of people use the same password across multiple web properties. That’s even if their user names vary slightly.  Unfortunately, when a hacker gains access to a DD Perks account, he or she can see all the details of that user’s profile, which include the user’s first name, last name, email address, and their DD Perks account code.

While that’s not enough on its own to steal someone’s identity, the information certainly has value on the Dark Web, and is probably being sold there as you’re reading these words.  Of course, it also allows the hackers, or anyone who buys the account information, to start using the victim’s hard-earned DD Perks points, getting freebies for themselves and denying them to the rightful account holder.

A Dunkin’ Donuts spokesman had this to say about the matter: “Dunkin’ continues to work aggressively in combatting credential stuffing attacks, which have become increasingly prevalent across the retail industry given the massive volume of stolen credentials now widely available online.”

The spokesman reiterated that this was not a breach of the company’s system, but of course, that’s small consolation to those who have had their accounts compromised.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.