In the News
A part of your daily routine may have been the subject of a recent hack. In Attackers Run on Dunkin’s DD Perks Rewards, Kacy Zurkus at InfoSecurity Magazine discusses a finding at coffee giant Dunkin’ in which its rewards members were hacked to steal their rewards points in a credential stuffing scheme. Zurkus explains that personal information may have also been exposed as a result of the hack. Zurkus does state that all passwords were required to be reset after the hack was identified.
Our Take
As with many other hacks due to credential stuffing, the success of such hacks is solely dependent on malicious attackers having access to your account given other exposed or hacked accounts. For many people, creating one or a few passwords to use for all accounts provides the most ease, but this method of account security if what gives credential stuffing schemes the information they need to steal more of your personal information. Maintaining safe password practices is crucial to protecting not just one, but many of your online accounts. Additionally, companies such as Dunkin or other rewards programs must amp up their security measures to ensure that the personal information and personal rewards of users are not exposed. Such methods could include a form of multi-factor authentication or more strict internal regulation of user data.
Recommendations
How can you protect your personal information on online accounts and platforms?
- Understand the risks of putting your personal information into the world, and only share what you have to
- Don’t reuse your account passwords, and take advantage of multi-factor authentication whenever possible
- Minimize the number of accounts that have direct access to your bank account or card numbers
- Track your finances closely to notice suspicious transactions before they become dangerous
- Stay up to date on the news regarding recent data breaches and security flaws to see if you may have been affected