BOSTON (WBZ-AM) -- Coffee and donut lovers beware--Dunkin Donuts says if you use their DD Perks program, there's a chance your personal information may have been compromised in a recent security breach
Dunkin Brands says it learned from a security vendor that on Halloween, hackers tried to get access to some DD Perks accounts online. They did so using what's called a credential stuffing attack, which Daryl Crockett, CEO of Boston-based data privacy company Validdatum told WBZ NewsRadio's Jeff Brown is a relatively new way of stealing information.
"It's becoming more and more common," Crockett said.
While several of those attempts were blocked, any successful attacks may have exposed customer names, email addresses, and DD Perks account numbers. Dunkin did get word out quickly.
"What I think Dunkin' Donuts is trying to say is, it is not them who was responsible for keeping this information safe," Crockett said. "Unfortunately to the consumer, I think it's the same result, the same level of harm or exposure."
The company says any affected users will be assigned replacement account numbers.
If your DD Perks info was hacked, Dunkin' will force a password reset. If you've used this password for other online accounts, you're advised to change those passwords, too.
Brown asked Crockett if it seems like we're becoming used to this kind of thing. She said re-setting your password is a small price to pay.
"I think we're always surprised for a short period of time, but after a while, you just seem to accept it as part of life," she said. "We become less vigilant because we're exposed to so much of it, instead of becoming more wary."
WBZ NewsRadio's Jeff Brown (@jeffbrownwbz) reports