Dunkin’ Donuts: Your coffee’s been hacked

Do you take your coffee black or regular? Do you remember when it was “time to make the donuts”? These are sweet memories. Unfortunately, recent events leave a more bitter taste. On October 31, Dunkin’ Donuts, the coffee and donut chain that “America runs on”, discovered that its mobile app rewards program, DD Perks, may have been accessed by a third party.

In a statement, Dunkin’ Donuts said: “On October 31, 2018, we learned from one of our security vendors that a third party may have attempted to log in to your DD Perks account. We believe that these third parties obtained usernames and passwords from security breaches of other companies. These individuals then used the usernames and passwords to try to break into various online accounts across the Internet. Our security vendor was successful in stopping most of these attempts, but it is possible that these third parties may have succeeded in logging in to your DD Perks accounts.”

Dunkin’ Donuts launched an investigation and notified law enforcement. It also alerted DD Perks account holders and gave them tips to protect themselves from identity theft.

You may like your coffee regular, but notices like these from some of the world’s largest companies shouldn’t be. Dunkin’s famous donuts might be “Munchkin-sized”, but its problems are considerably larger.

Penetration testing

Regular penetration testing helps prevent cyber criminals from exploiting defects in web servers, browsers, email clients, POS (point-of-sale) software, operating systems and server interfaces, because it finds those defects so they can be fixed before an attacker does.

Penetration tests provide an end-state check to confirm that all required security controls have been implemented correctly. They can also be used in the early stages of developing new processing systems to identify potential risks to personal data.

Why conduct a penetration test?

An organization should carry out a penetration test:

  • In response to the impact of a serious breach on a similar organization
  • To comply with a regulation or standard, such as the PCI DSS (Payment Card Industry Data Security Standard) or the EU’s GDPR (General Data Protection Regulation)
  • To ensure the security of new applications or following significant changes to business processes
  • To manage the risks of using a greater number and variety of outsourced services
  • To assess the risk of critical data or systems being compromised

Broadly speaking, there are four types of penetration test, each focusing on a particular aspect of an organization’s logical perimeter:

  • Network (or infrastructure) penetration tests
  • Web application penetration tests
  • Wireless network penetration tests
  • Phishing and social engineering penetration tests

Download our Green Paper

Learn how to protect your organization’s networks and web applications by reading our detailed penetration testing green paper. Download the green paper here.
