Are you a member of the Dunkin’ Donuts reward program? Dell and Dunkin’ Donuts announced that their recent data breaches exposed passwords, so all customers must reset their passwords before a cyber thief gets away with a tasty reward as well.
Dell states that the incident, detected on November 9th, led to the compromise of names, email addresses, and hashed passwords. Investigations suggest that the reuse of credentials leaked in previous breaches may have led to the attack on accounts in DD Perks, a Dunkin’ Donuts reward program.
Dell and Dunkin’ Donuts urge their customers to change their passwords to new, unique passwords. When customers reuse old passwords from previous accounts, attackers can use leaked sets of credentials to attempt to unlock other accounts in a credential stuffing attack.
Dell Breach Without Financial Data Affected
Dell says the attack affected customer accounts created for dell.com as well as its Premier, Global Portal and support.dell.com, which is also referred to as Esupport.
After it detected the attack, Dell says it started an investigation and retained a digital forensics firm to investigate. It also contacted law enforcement.
“Though it is possible some of this information was removed from Dell’s network, our investigations found no conclusive evidence that any was extracted.” - Dell
Cyberattack Shut Down
Dell appears to have detected and shut down the attack quickly, which is one of the main challenges with cyber attacks, says Pravin Kothari, CEO of CipherCloud. The average “dwell” time, the period between when a system is compromised and an attack is detected, was about 75 days last year, Kothari says.
“The goal today for every security operations center is to detect and shut down attackers with the most minimal dwell time,” Kothari says. “This is the leading edge of industry best practice for on-premises and cloud security. Dell has shown that the right mix of skilled personnel equipped with the right tools for visibility, threat and data protection can make a big difference.”
Dell didn’t specify what hashing algorithm it uses. Service providers are increasingly hashing passwords with bcrypt, which makes it more difficult for attackers to run brute-force computations in hopes of discovering the plain-text password.
“We are disclosing this incident now based on findings communicated to us by our independent digital forensics firm about the attempted extraction,” Dell says.
Use Strong, Unique Passwords
One of Dunkin’ Donuts’ security vendors informed the company that account credentials leaked in other breaches were used to access DD Perks accounts.
“Our security vendor was successful in stopping most of these attempts, but it is possible that these third parties may have succeeded in logging into your DD Perks accounts if you used your DD Perks username and password for accounts unrelated to Dunkin,” the company says in a statement to its customers.
Exposed data includes first and last names, email addresses, account numbers, and the associated QR codes. A password reset, along with issuing new account numbers and moving balances to new cards, would clean up this security breach. Using a strong, unique password would prevent a hacker from accessing other accounts you may have associated with that same email-password combo if another data breach occurs.
“We also reported the incident to law enforcement and are cooperating with law enforcement to help identify and apprehend those third-parties responsible for this incident,” Dunkin says.
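As an added illustration (not part of the original article, and not Dell's, Dunkin's or any vendor's code), here is one way a defender could spot the credential stuffing pattern described above in login logs: a single source failing against many different accounts in a short window, with any successful logins from that source listed as accounts needing a forced password reset. The log format, thresholds, addresses, and sample lines are assumptions constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, one event per line: timestamp, source IP, username, result.
# IPs are from documentation ranges; usernames and times are made up.
SAMPLE_LOG = """\
2024-01-15T10:00:01 203.0.113.7 alice FAIL
2024-01-15T10:00:03 203.0.113.7 bob FAIL
2024-01-15T10:00:04 203.0.113.7 carol OK
2024-01-15T10:00:06 203.0.113.7 dave FAIL
2024-01-15T10:00:09 203.0.113.7 erin FAIL
2024-01-15T10:00:11 203.0.113.7 frank FAIL
2024-01-15T10:02:00 198.51.100.20 grace FAIL
2024-01-15T10:02:10 198.51.100.20 grace FAIL
2024-01-15T10:02:25 198.51.100.20 grace OK
2024-01-15T10:03:00 192.0.2.44 heidi OK
""".splitlines()

def parse(line):
    """Parse one line of the constructed 'timestamp ip user OK|FAIL' format."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"

def find_stuffing(lines, window=timedelta(minutes=5), min_users=5):
    """Return {ip: [accounts it logged into]} for each source that failed
    against at least `min_users` distinct accounts within `window`."""
    by_ip = defaultdict(list)
    for line in lines:
        ts, ip, user, ok = parse(line)
        by_ip[ip].append((ts, user, ok))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            failed = {u for _, u, ok in events[start:end + 1] if not ok}
            if len(failed) >= min_users:
                # Many distinct accounts, not one user retrying a password:
                # every success from this source is a likely takeover.
                flagged[ip] = sorted({u for _, u, ok in events if ok})
                break
    return flagged

if __name__ == "__main__":
    print(find_stuffing(SAMPLE_LOG))
```

Counting distinct usernames rather than raw failures is what separates this pattern from a single customer mistyping a password, as the second source in the sample does.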