Dunkin’ Donuts Reports Credential Stuffing Attack

I particularly liked the above headline, seen on a cyber-security website. There’s something about donuts and the verb “stuffing” that seems so appropriate together.


Not familiar with credential stuffing? This is where hackers steal lists of account details such as user names, email addresses and passwords, perhaps from a site that is not as cyber-secure as it might be, and then reuse the same user names and passwords to gain access to bank accounts and other potentially more profitable websites.

Dunkin’ Donuts accounts allow repeat customers to earn points and get free merchandise and discounts. Now the fact that hackers may be after your free donuts might not keep you awake at night but, and this is the scary bit, they also nabbed email addresses, usernames and passwords.

Here’s the question. Have you ever used the same username and password on more than one site? I’m guessing the answer is yes. It certainly is in my case. One recent survey reported that 81% of users have reused a password across two or more sites and 25% of users use the same password across a majority of their accounts.

Once bad guys have your user name and password, they either use them or sell them on through the dark web. These details are then exploited to gain unauthorised access to other accounts through large-scale automated login requests directed against a range of websites or applications.

So, avoid reusing the same email and password combination for multiple online accounts and, while enjoying a tasty donut (or doughnut if you’re in the UK), change your login credentials frequently.

Jim Preen: Head of Media

Cyber | Richard Whitby