Double-Stuffed: Dunkin’ Hit by Another Credential-Stuffing Attack

[maruf.swe]

Dunkin’ Donuts’ loyalty program was hit with a credential stuffing attack that targeted names, email addresses, 16-digit DD Perks account numbers and DD Perks QR codes.

Dunkin’ Donuts may have just launched its first double-filled doughnut, but another doubling up is not quite as tasty. The chain has suffered its second credential-stuffing attack in three months.

Like the first incident, the attack targeted pastry aficionados that have DD Perks accounts, which is Dunkin’s loyalty program. Names, email addresses, 16-digit DD Perks account numbers and DD Perks QR codes were potentially exposed.

For More Details : https://threatpost.com/dunkin-credential-stuffing/141754/