Having a membership to a rewards program has its perks — but occasionally there are drawbacks. Dunkin’ Donuts has announced that hackers used passwords stolen from another company to log in to some DD Perks accounts. The company said it was notified of the potential hacking on October 31 — Halloween — and customer information including names and email addresses may have been stolen.
Dunkin’ recently informed some members of the rewards program that one of the company's security vendors had notified them "that a third-party may have attempted to log in to your DD Perks account. We believe that these third-parties obtained usernames and passwords from security breaches of other companies. These individuals then used the usernames and passwords to try to break in to various online accounts across the Internet.”
The hackers may have achieved access to DD Perks members’ first and last names, their email addresses, and their 16-digit DD Perks account number and QR code.
The letter to DD Perks members explained that the chain’s security vendor was successful in stopping most of the attempts, but that some DD Perks accounts might have been compromised. Dunkin’ issued a password reset to any customers who may have had their information hacked, replaced any DD Perks stored value cards with new account numbers, and reported the hacking to law enforcement.
The attempted hack was related only to DD Perks accounts, and the doughnut and coffee chain says none of its internal systems were breached. Dunkin's transparency regarding the hack coupled with their tasty treats and drinks makes them one of the best doughnut chains in America.