What is this world coming to.
In a troubling sign of these cybercrime-friendly times, it turns out that not even your Dunkin’ Donuts Perks account is safe from hackers. And, as these things tend to go, that could have broad ramifications for much more than just customers’ sweet treats.
For those not in the know, a Dunkin’ Perks account and accompanying app can be used to accrue points toward free drinks, score “treats and goodies,” and order your daily java in advance. It’s a pretty standard customer loyalty program, and many people participating likely don’t give it much thought.
They may need to now. According to a statement issued by the company, hackers successfully managed to gain access to Perks accounts — although to what end exactly is unclear. Dunkin’ says hackers may have been able to get the first and last names, email addresses, 16-digit DD Perks account numbers, and DD Perks QR codes of some customers.
“Although Dunkin’ did not experience a data security breach involving its internal systems,” noted the statement, “we’ve been informed that third parties obtained usernames and passwords through other companies’ security breaches and used this information to log into some Dunkin’ DD Perks accounts.”
Importantly, if you reuse your Perks password for other online accounts (which you should obviously never do), hackers also might have been able to take that info — in conjunction with your email address — and gain access to your non-doughnut related accounts.
This is bad, and Dunkin’s statement highlights that very problem.
“As always, we strongly recommend that our guests create unique passwords for their DD Perks accounts, and do not reuse passwords used for their other unrelated online accounts.”
Sage security advice from the East Coast doughnut king.
Dunkin’ says it learned of the security problem on Oct. 31, and forced password resets for all the customers it believes were affected. Why it’s just now notifying customers of the security incident isn’t quite clear, but better late than never. That is, unless over the course of the last month some nefarious individual used your Perks password to access your email or bank account. Then a more timely heads up could have been quite helpful.
Either way, America will continue to run on Dunkin’ — and, perhaps for the time being, so will some hackers.