Tuesday, April 13, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Dunkin’ Donuts accounts compromised in second credential stuffing attack in three months

February 12, 2019
in Internet Security
Dunkin’ Donuts accounts compromised in second credential stuffing attack in three months
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Dunkin’ Donuts announced today that it was the victim of a credential stuffing attack during which hackers gained access to customer accounts.

This marks the second time in three months that the coffee shop chain notifies users of account breaches following credential stuffing attacks.

You might also like

Billions of smartphone owners will soon be authorising payments using facial recognition

PayPal rolls out new fraud management tools for merchants

Ransomware: The internet’s biggest security crisis is getting worse. We need a way out

Credentials stuffing is a cyber-security term that describes a type of cyber-attack where hackers take combinations of usernames and passwords leaked at other sites and use them to gain (illegal) access on accounts on new sites.

Dunkin’ Donuts reported a first credential stuffing attack at the end of November (the actual attack occurred on October 31). Today, the company reported a second credential stuffing attack (attack happened on January 10).

Just like in the first, hackers used user credentials leaked at other sites to gain entry to DD Perks rewards accounts, which provide repeat customers with a way to earn points and use them to get free beverages or discounts for other Dunkin’ Donuts products.

The type of information typically stored inside a DD Perks account includes a user’s first and last names, email address (also used as username), a 16-digit DD Perks account number, and a DD Perks QR code.

But hackers weren’t after users’ personal information stored in Dunkin’ Donuts rewards accounts. Instead, they were after the account itself, which they are selling on Dark Web forums, according to a screenshot shared with ZDNet by threat intel firm Lastline.

Dunkin Donuts account seller

Image: Lastline (provided)

During online conversations and phone calls over the past few months with this reporter, several security engineers at American ISPs (who couldn’t share their names due to non-disclosure agreements) have previously told ZDNet about this growing trend in the cyber-criminal undergrounds. According to our sources, hacker groups are renting IoT botnets and running scripts to carry out credential stuffing attacks against a wide range of online services.

Once hackers break into accounts, they either exploit them by extracting personal information from accounts and reselling the personal data to financial fraud operators, or they sell access to the hacked accounts themselves.

This latter case is what’s happening with Dunkin’ Donuts accounts, as hackers put up the hacked accounts for sale, which are later bought by other persons that use the reward points found in these accounts at Dunkin’ Donuts shops to receive unearned discounts and free beverages.

A Dunkin’ Donuts spokesperson did not answer a request for comment before this article’s publication.

Dunkin’ Donuts isn’t the only company that has suffered a credential stuffing attack in the past few months. Ad blocker company AdGuard suffered one in September 2018; banking giant HSBC in November; but also Reddit, DailyMotion, and Basecamp last month.

Credential stuffing attacks have become a big issue for online service providers in the past two years after billions of username and password combinations have gradually made their way into the public domain.

While initially these username-password combos were hard to get by because they were being sold online on well-hidden hacking forums, recently, they’ve been shared and re-shared so much that they’re now generally available to anyone who knows how to use a search engine and has the time to dig through search results for still-working download links.

More data breach coverage:

Credit: Source link

Previous Post

SunLive - When machine learning, Twitter and te reo merge

Next Post

Tradeshow Planning Tips and Advice

Related Posts

Billions of smartphone owners will soon be authorising payments using facial recognition
Internet Security

Billions of smartphone owners will soon be authorising payments using facial recognition

April 13, 2021
PayPal rolls out new fraud management tools for merchants
Internet Security

PayPal rolls out new fraud management tools for merchants

April 12, 2021
Ransomware: The internet’s biggest security crisis is getting worse. We need a way out
Internet Security

Ransomware: The internet’s biggest security crisis is getting worse. We need a way out

April 12, 2021
Washington State educational organizations targeted in cryptojacking spree
Internet Security

Washington State educational organizations targeted in cryptojacking spree

April 10, 2021
Critical Zoom vulnerability triggers remote code execution without user input
Internet Security

Critical Zoom vulnerability triggers remote code execution without user input

April 10, 2021
Next Post
Tradeshow Planning Tips and Advice

Tradeshow Planning Tips and Advice

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Bitcoin mining in China could threaten climate policies, new study shows
Blockchain

Bitcoin mining in China could threaten climate policies, new study shows

April 13, 2021
Artificial Intelligence Research at Duke
Machine Learning

Artificial Intelligence Research at Duke

April 13, 2021
Learning Not To Fear Machine Learning | by Dimitry Belozersky | Apr, 2021
Neural Networks

Learning Not To Fear Machine Learning | by Dimitry Belozersky | Apr, 2021

April 13, 2021
Billions of smartphone owners will soon be authorising payments using facial recognition
Internet Security

Billions of smartphone owners will soon be authorising payments using facial recognition

April 13, 2021
Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users’ Data
Internet Privacy

Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users’ Data

April 13, 2021
Caruso real estate to accept Bitcoin as rent payment in industry first
Blockchain

Caruso real estate to accept Bitcoin as rent payment in industry first

April 12, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Bitcoin mining in China could threaten climate policies, new study shows April 13, 2021
  • Artificial Intelligence Research at Duke April 13, 2021
  • Learning Not To Fear Machine Learning | by Dimitry Belozersky | Apr, 2021 April 13, 2021
  • Billions of smartphone owners will soon be authorising payments using facial recognition April 13, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates