Dunkin Donuts recently told its customers to change their passwords because some accounts might have been hacked by third-party hackers. Because of breaches in other apps and libraries, the hackers obtained information about users’ accounts and possibly gained access to them. The activity on the accounts often depends on the existing activity of the DD Perks accounts.
On Oct 31, Dunkin Donuts learned of possible security threats to its users’ accounts, based on information that third-party hackers had obtained through breaches in independent libraries and code bases. The company did not publish the number of accounts compromised, but it gave assurances that only a few accounts were vulnerable, as most of the attacks were prevented by the security vendor.
The app forced a password reset for its customers to increase security and prevent any hacker from gaining unauthorized access to their accounts.
The company has already launched an internal investigation into the issue and is trying to find the precise library that led to the compromise. The hackers might have gained access to usernames, passwords, QR codes and the 16-digit DD Perks account number. The company has also reported the incident to the relevant law enforcement agencies and is now working hard to secure the accounts while attempting to find the third parties responsible for the breach.
Similar incidents have surfaced recently, such as the BitPay and CoPay hacks, which were carried out through a trusted package used by thousands of apps. They are a reminder for organizations that even though their own codebase might be strong enough, the packages and libraries they depend on to run their platforms might be vulnerable. Proper security measures are therefore mandatory when building applications that run as consumer-side apps.
Source – NBCNews