In the News
Customer rewards programs are becoming a frequent target for data attacks. In Double-Stuffed: Dunkin’ Hit by Another Credential-Stuffing Attack, Tara Seals at ThreatPost discusses Dunkin’ Donuts’ most recent data breach. Seals explains that the attack method was credential stuffing, a technique using previously stolen customer information to then access additional accounts and the information stored in those as well. Seals states that Dunkin’ has required its loyalty members to change their passwords.
Our Take
Dunkin’ Donuts suffered another similar attack just months ago. Once again, customers are suffering because of a breach of data privacy. While there are many steps that the company can take to prevent such events from happening in the future, the timeframe of these two incidents highlights the need for proactive customer measures to protect their information. Credential stuffing attacks are made possible because of reused account information and passwords. A simple way to further protect your accounts is to create more unique and secure passwords. We all know that it is easier to reuse a simple password on every account that we create. However, this practice puts all of your accounts at risk if one is compromised. So, keep this reality in mind next time you decide to open up a rewards account and are asked to create a password…make sure it is a unique one!
Recommendations
How can you protect the information while still benefiting from rewards programs?
- Understand the risks of putting your personal information into the world, and only share what you have to
- Minimize the number of accounts that have direct access to your bank account or card numbers
- Don’t reuse your account passwords, and take advantage of multi-factor authentication whenever possible
- Stay up to date on the news regarding recent data breaches and exposures to see if you may have been affected