Dunkin’ Donuts Accounts Compromised In Second Credential Stuffing Attack In Three Months

Dunkin’ Donuts has announced that it was the victim of a credential stuffing attack during which hackers gained access to customer accounts. This marks the second time in three months that the coffee shop chain has notified users of account breaches following credential stuffing attacks.

Expert comments below:

Stephen Moore, Chief Security Strategist at Exabeam:

“The most seasoned and well-resourced security teams can be easily overwhelmed by the volume of organisational alerts they receive in a day. That complexity, when combined with the inherent difficulties of detecting credential-based attacks, because the attackers are impersonating legitimate users, creates an environment that lacks control and trust. In this case, the security incident was likely the result of malicious actors using previously collected or breached login data to access accounts.

To protect against these types of attacks, organisations must shift the enterprise security strategy. To remediate incidents involving user credentials and respond to adversaries, the key is to move fast and consider an approach that is closely aligned with monitoring user behaviour – to provide the necessary visibility needed to restore trust, and react in real time, to protect user accounts. This should include the ability to detect, using behavioural characteristics, when events have occurred – especially when it comes to customer-facing incidents.”
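As an added, defender-side illustration of the behaviour-based detection Moore describes (example code written for this page, not Exabeam's or the article's): a toy rule over constructed login records that flags a source address cycling through many distinct usernames with a high failure rate, and lists the accounts it did get into so they can be locked and reset. The log format, addresses, usernames and thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login log (not real data): timestamp, source IP, username, result.
# 203.0.113.7 behaves like a stuffing source; 198.51.100.4 is a single user retrying.
SAMPLE_LOG = """\
2019-02-12T10:00:01 203.0.113.7 alice FAIL
2019-02-12T10:00:02 203.0.113.7 bob FAIL
2019-02-12T10:00:02 203.0.113.7 carol OK
2019-02-12T10:00:03 203.0.113.7 dave FAIL
2019-02-12T10:00:04 203.0.113.7 erin FAIL
2019-02-12T10:00:05 203.0.113.7 frank OK
2019-02-12T10:00:09 198.51.100.4 alice FAIL
2019-02-12T10:00:15 198.51.100.4 alice OK
"""


def parse(log_text):
    """Turn one log line per login attempt into (time, ip, user, succeeded) tuples."""
    events = []
    for line in log_text.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return events


def detect_stuffing(events, window=timedelta(minutes=5), min_users=5, min_fail_ratio=0.5):
    """Flag source IPs that try many distinct usernames inside one time window with a
    high failure ratio: a legitimate user rarely walks through other people's accounts."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))
    findings = {}
    for ip, evs in by_ip.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # advance the window start so the window never spans more than `window`
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            users = {u for _, u, _ in win}
            fails = sum(1 for _, _, ok in win if not ok)
            if len(users) >= min_users and fails / len(win) >= min_fail_ratio:
                f = findings.setdefault(ip, {"distinct_users": 0, "compromised": set()})
                f["distinct_users"] = max(f["distinct_users"], len(users))
                # accounts the source actually got into: the ones to lock and reset
                f["compromised"].update(u for _, u, ok in win if ok)
    return {ip: {"distinct_users": f["distinct_users"], "compromised": sorted(f["compromised"])}
            for ip, f in findings.items()}
```

The single-user retry from 198.51.100.4 is deliberately not flagged: this rule targets the many-accounts-per-source pattern, not an ordinary mistyped password.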

Tim Bandos, Vice President of Cyber Security at Digital Guardian:

“In situations like this, the practice of good password hygiene becomes critical; otherwise you’re putting sensitive accounts and credentials at risk. We know that in addition to credit cards, email addresses and PII, password credentials are highly sought-after by cybercriminals – so use a different password for each of your online accounts. Make sure your passwords are unique and complex to ensure that hackers cannot guess them. If you’re notified that your account has been compromised, change your password immediately. Lastly, where possible, enable multi-factor authentication. Popular websites like Facebook, Gmail and Skype all offer this service.”

Steve Armstrong, Regional Director UK, Ireland & South Africa at Bitglass:

“It’s imperative that users understand the risk of weak authentication. Reusing the same password allows attackers to use credential stuffing attacks across multiple platforms. For the hacker, once they breach one set of accounts, the payoff can be high. In order to mitigate this risk, end users and platform providers should implement both strong password criteria and second-factor authentication to ensure the user is who they say they are. Ultimately, my recommendation to any customer who has experienced a breach is to change all the passwords across all their accounts online. The use of a password manager would make managing this far simpler. The knock-on effect here is not just the loss of this specific account – but the likelihood of credentials being used elsewhere.”