On Thursday, Dunkins donuts announced that hackers have probably broken into customer loyalty points.
But why would a hacker have loyalty points on a donut chain? Apart from not only fueling the hacker dough, these accounts can be sold on the dark web. Dunkin's many vulnerable accounts are already appearing on dark marketplaces as part of the booming loyalty points economy. And they are pretty cheap too.
"Grab a hacked Dunkin Donut account now with a cheap price on the market!", It says in a list currently available on Dream Marketplace, probably the largest dark web market at the time of writing. For $ 1
Dunkin's Donuts' latest announcement concerns the company's DD Perks program, a mobile app rewards program that allows customers to receive free drinks or special discounts. It looks like providers on the Dream Marketplace are selling accounts for the same purpose. "Simply sign in through the apps on your phone to present at checkout for payment by invoice!"
This does not mean that the accounts that are currently for sale are the same as the accounts Dunkin 'Donuts recently warned its customers about, but there is a fair chance that those accounts will share the same fate are exposed.
Got a hint? You can safely contact Joseph Cox at +44 20 8133 5190, OTR chat at email@example.com or email firstname.lastname@example.org.
In his earlier statement Dunkin 'Donuts said it was not itself the victim of a privacy breach. However, hackers used passwords from other vulnerable websites to sign in to customers. This is one of the main ways that hackers usually gain access to loyalty point accounts, such as Dunkin 'donuts, hotel chains or other.
On Dream Marketplace, a vendor provides a configuration file for Sentry, a software that makes it easier for a hacker to get through various credentials quickly to see which ones work. Sentry requires different settings for each service or website the hacker wants to target, hence the configuration file.
A similar technique was used to obtain Uber credentials when they were offered for sale on the Dark Web. The seller for the Dunkin Donuts Sentry file, which costs about $ 2, provides customer support for it to work, according to the seller's listing.
"100% Satisfaction Guarantee," reads an ad.
our new cybersecurity podcast CYBER.