[BreachExchange] Dunkin' Donuts says DD Perks accounts may have been hacked

[Destry Winant]

https://www.newsday.com/business/dunkin-donuts-hack-dd-perks-1.24036845

Dunkin' Donuts is warning customers that information tied to their DD
Perks accounts may have been stolen as part of a hack.

The company posted the notification on the bottom of its DD Perks web
page. DD Perks is Dunkin's rewards program for frequent customers.

The popular coffee and doughnuts chain said private information, such
as customer names, DD Perks account numbers and email addresses may
have been stolen.

"We learned from one of our security vendors that a third-party may
have attempted to log in to your DD Perks account," the company said
in the notification. The third-parties likely obtained usernames and
passwords from security breaches of other companies, and then used the
information to try to break in to various online accounts across the
internet, Dunkin' said.

"Our security vendor was successful in stopping most of these
attempts, but it is possible that these third-parties may have
succeeded in logging in to your DD Perks account if you used your DD
Perks username and password for accounts unrelated to Dunkin’," it
said.

The company said it had "forced a password reset that required all of
the potentially impacted DD Perks account holders to log out and log
back in to their account using a new password."

The company said it informed law enforcement and launched an internal
investigation, and added that its internal system "did not experience
a data security breach."