Dunkin’ (formerly known as Dunkin Donuts) discovered evidence of the incident on October 31st, 2018 when one of their security vendors reported that an unknown third party had made use of stolen credentials to access user accounts.
The company responded swiftly, deactivating the compromised credentials and sending notification letters to all DD Perks account holders who were affected. While an investigation into the matter is still ongoing, Dunkin’ reports that the following information may have been accessed:
- Account holder first and last name
- Account holder email address
- Account holder DD Perks account number
- Account holder’s QR code.
Out of an abundance of caution, the company said it pushed a password reset to all users who were potentially impacted in a bid to minimize further damage. If you received a letter from Dunkin’ be aware that the next time you head to the site, you’ll be asked to change your password.
If you haven’t gotten a letter yet but you have been asked to change your password, you can expect to receive a communication from the company soon.
Hackers are notorious for being opportunistic, striking at any target of opportunity that presents itself, but this attack takes things to a new low. Nobody, not even hackers, should come between a person and his or her morning cup of coffee.
In any case, even if you didn’t receive a notification from the company and even if you haven’t been forced to reset your password, just to be safe, it might be a good idea. Save your points. Protect your coffee!