Alert: Dunkin’ Donuts Data Breach

If you are a Dunkin’ Donuts customer with a DD Perks rewards program account, this matters to you. According to reports, DD Perks has suffered a breach, so depending on how much information you filled in, your data could be compromised.

News Report

Via 6abc Philadelphia

What Happened Per Dunkin Donuts

According to the security update released by Dunkin’ Donuts:

On October 31, 2018, we learned from one of our security vendors that a third-party may have attempted to log in to your DD Perks account. We believe that these third-parties obtained usernames and passwords from security breaches of other companies. These individuals then used the usernames and passwords to try to break in to various online accounts across the Internet. Our security vendor was successful in stopping most of these attempts, but it is possible that these third-parties may have succeeded in logging in to your DD Perks account if you used your DD Perks username and password for accounts unrelated to Dunkin’.

So in essence, Dunkin’ was not directly breached. However, anyone who used the same username and password at Dunkin’ and at another site that had previously been breached could have been compromised. Unfortunately, a majority of users have only one username and password that they use for all accounts. If you do that, you are ASKING FOR TROUBLE.
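The pattern in the notice (reused credentials from other breaches tried against many accounts) is commonly called credential stuffing. The following is an added example, not code from Dunkin’ or its security vendor, showing how a site operator could flag it in login logs: one source trying many different accounts with few successes. The log format, IP addresses, usernames and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

T0 = datetime(2018, 10, 31, 9, 0, 0)

def build_sample_events():
    """Constructed login log: (time, source_ip, username, success)."""
    events = []
    # Source A: one attempt each against 12 different accounts, one hit.
    for i in range(12):
        events.append((T0 + timedelta(seconds=10 * i), "203.0.113.7",
                       f"user{i}@example.com", i == 8))
    # Source B: a real customer mistyping a password twice, then succeeding.
    for i, ok in enumerate([False, False, True]):
        events.append((T0 + timedelta(seconds=20 * i), "198.51.100.20",
                       "alice@example.com", ok))
    # Source C: repeated guesses at ONE account (brute force, not stuffing).
    for i in range(15):
        events.append((T0 + timedelta(seconds=5 * i), "192.0.2.50",
                       "bob@example.com", False))
    return sorted(events)

def find_stuffing_sources(events, window=timedelta(minutes=10),
                          min_accounts=10, max_success_ratio=0.2):
    """Flag sources that try many distinct accounts in one sliding window
    while succeeding on only a small share of attempts."""
    by_source = defaultdict(list)
    for ts, ip, user, ok in events:
        by_source[ip].append((ts, user, ok))
    findings = {}
    for ip, rows in by_source.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans <= `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            accounts = {u for _, u, _ in span}
            ratio = sum(ok for _, _, ok in span) / len(span)
            if len(accounts) >= min_accounts and ratio <= max_success_ratio:
                # Accounts the source got into are the ones needing a reset.
                hits = sorted({u for _, u, ok in span if ok})
                findings[ip] = {"accounts_tried": len(accounts),
                                "compromised": hits}
    return findings

if __name__ == "__main__":
    print(find_stuffing_sources(build_sample_events()))
```

Only the source that spreads its attempts across many accounts is flagged; the customer who mistypes a password and the single-account guessing source are not, because each touches one username.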

So What Could Have Been Exposed

According to Dunkin’, if your account was breached:

The information involved depends on what you had in your DD Perks account. Information these third-parties may have been able to access includes:
– Your first and last names,
– Email address (username), and
– Your 16-digit DD Perks account number and your DD Perks QR code

The biggest concern here is if you use the same username (which is your email address) and password combination to log into your email. If you do, then the bad guys can get into your email, and they know it.

  • On the DD Perks side, Dunkin’ is already forcing all account holders to reset their passwords, no matter what.
  • If you do use the same email and password combination for your email or any other account you own, you REALLY NEED TO CHANGE YOUR PASSWORDS BEFORE YOU FINISH READING THIS POST.

What Can You Do To Protect Yourself

In this day and age, most sites offer two-factor authentication (2FA). Yes, that is an extra step, as you will need to enter a code from an app or a text message after the initial login, but it is currently the best way to protect yourself. In a previous post, Tech Geek and More explained How To Turn On Two Factor Authentication For Online Services for some of the most common services.


If you want to read the entire Dunkin’ Donuts notice, you can find it here.

