Dunkin’ Got Hacked
Credential stuffing is becoming more commonplace.
Feb 14, 2019
CANTON, Mass. – On Tuesday, Dunkin’ Brands announced that hackers got access to customer information during a credential stuffing attacking, reports Pymnts.com.
Credential stuffing occurs when hackers use combinations of usernames and passwords gleaned from other websites and try to break into different accounts at other websites.
According to ZDNet, this is the second time in three months that members of the Dunkin’ Donuts Perks reward program were victims of credential stuffing. The first incident happened in November, and the most recent attack occurred on Jan. 10.
According to ZDNet, the hackers were seeking personal information. They actually wanted the actual accounts, which they are reportedly selling on the dark web to people who use buy them to get free drinks and discounts at Dunkin’ outlets.
This type of attack has grown over the past two years as scores of usernames and passwords have been shoved into the public light. In the past, the information would be tough to get, but now data have been shared and reshared so often that this type of information is easily obtainable.
Other companies have fallen victim to credential stuffing attacks. AdGuard, the ad blocker company, suffered a similar attack in September, while HSBC was targeted in November. Reddit, DailyMotion and Basecamp were victims of credential stuffing attacks in January.
Safety
