Dunkin’ Donuts announced earlier this month that it was the victim of a credential stuffing attack during which hackers gained access to customer accounts.
So, what is credential stuffing? It’s a cyber-security term to describe a type of cyber attack in which hackers take combinations of usernames and passwords leaked at other sites and use them to gain illegal access on another – this time, to scoop up Dunkin’s customers’ reward points.
Risk to Small Business: 1.777 = Severe: On February 12th, Dunkin’ Donuts announced that it suffered a credential stuffing attack back in January. This news comes just a few months after the company fell victim to a similar attack on October 31, 2018. As we’ve covered before, hackers employ credential stuffing attacks by leveraging previously leaked usernames and passwords to access user accounts. In this case, they were able to breach DD Perks rewards accounts and are putting them up for sale on Dark Web forums. Aside for the “double whammy” of two attacks within a short time-frame, loyal customers who have lost their rewards will likely bring their business elsewhere.
Individual Risk: 2.571 = Moderate: The exposed accounts contain personal information such as first and last names, email addresses, 16-digit account numbers, and QR codes. Although the accounts have been put up for sale so that buyers on the Dark Web can cash out on reward points, they can also use credentials to orchestrate further cyberattacks.
The trend of credential stuffing is only the first wave resulting from billions of recently leaked usernames and passwords. Companies that experience similar attacks on user accounts will be held liable, regardless of whether they are the source of the breach. To protect from future attacks, it’s important for businesses to team up with security providers like Contrast to ensure state-of-the-art password protection and Dark Web monitoring.
Contrast to the Rescue: Our web security programs combine human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor your data.