Amid the continuing saga of password management comes this sweet article that really frosts me. Dunkin' Donuts suffered a recent breach in which attackers targeted its rewards program (DD Perks). Dunkin' stated that the usernames and passwords used were not stolen from Dunkin' at all: they were obtained in a breach of another site and then replayed against the DD Perks login to find accounts that accepted them.


In their public statement, Dunkin' said they were unaware whether any payment information was obtained in the breach. I decided to investigate by signing up for the rewards program myself. After setting my username and password, I was immediately taken to a screen asking whether I wanted to buy a prepaid Dunkin' card using a Visa or Mastercard. The data that members are providing when they sign up suggests that cardholder data was likely a part of this incident, despite Dunkin' stating they are "unaware" of payment data being stolen.

Password reuse, whether it comes from pure laziness or from a genuine lack of security education, is what made this breach possible. Both causes are dangerous, and both were on display here.

Avoid Similar or Common Passwords

This technique is called credential stuffing. The attackers obtained usernames and passwords from a previous breach of a completely different site, stored them, and then fed the list into an account checker that hit the login pages of many other sites, hoping to find members who used the same email address and password on more than one of them (DD Perks, in this case). Every pair that worked was an account whose owner had reused a password. The site being attacked is not helpless, either: rate limiting logins per source, alerting on a single source trying many different usernames, offering multi-factor authentication, and rejecting passwords that already appear in public breach data all blunt this kind of attack, but none of them replaces a user choosing a unique password in the first place.
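What the pattern above looks like from the server's side, and how to tell it apart from an ordinary brute-force attempt, is easiest to see in code. The following is an added example written for this article (not FRSecure's or Dunkin's code). The log format, the thresholds and the log lines themselves are constructed for the example; credential stuffing shows up as one source trying many distinct usernames once each with a low success rate, whereas a password brute-force hammers one username many times.

```python
"""Flag credential-stuffing traffic in web login logs.

Added example for this article, not FRSecure's or Dunkin's code. The log
format and the thresholds are assumptions. Credential stuffing looks
different from a normal brute-force: one source tries MANY distinct
usernames, each once or twice, with a low success rate, because the
attacker is replaying email/password pairs taken from another site's breach.
"""
import re
from collections import defaultdict

# Constructed sample log lines (not real traffic). Assumed format:
# <timestamp> <client_ip> <username> <result>
SAMPLE_LOG = """\
2018-11-28T10:00:01Z 203.0.113.7 homer@springfield.example FAIL
2018-11-28T10:00:01Z 203.0.113.7 marge@springfield.example FAIL
2018-11-28T10:00:02Z 203.0.113.7 bart@springfield.example FAIL
2018-11-28T10:00:02Z 203.0.113.7 lisa@springfield.example OK
2018-11-28T10:00:03Z 203.0.113.7 moe@springfield.example FAIL
2018-11-28T10:00:03Z 203.0.113.7 apu@springfield.example FAIL
2018-11-28T10:00:04Z 203.0.113.7 ned@springfield.example FAIL
2018-11-28T10:00:04Z 203.0.113.7 barney@springfield.example OK
2018-11-28T10:00:05Z 203.0.113.7 milhouse@springfield.example FAIL
2018-11-28T10:00:05Z 203.0.113.7 nelson@springfield.example FAIL
2018-11-28T10:00:06Z 198.51.100.4 krusty@springfield.example FAIL
2018-11-28T10:00:20Z 198.51.100.4 krusty@springfield.example FAIL
2018-11-28T10:00:45Z 198.51.100.4 krusty@springfield.example OK
2018-11-28T10:01:00Z 192.0.2.9 smithers@springfield.example OK
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL)$")


def parse(log_text):
    """Yield (timestamp, ip, username, success) tuples; skip malformed lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, ip, user, result = m.groups()
            yield ts, ip, user, result == "OK"


def summarize_by_ip(log_text):
    """Per source IP: total attempts, distinct usernames tried, successes."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set(), "successes": 0})
    for _, ip, user, ok in parse(log_text):
        s = stats[ip]
        s["attempts"] += 1
        s["users"].add(user)
        s["successes"] += int(ok)
    return stats


def flag_credential_stuffing(log_text, min_attempts=8,
                             min_distinct_ratio=0.8, max_success_rate=0.3):
    """Return {ip: reason} for sources whose pattern matches credential stuffing.

    Thresholds are assumptions chosen for the sample; tune them per site.
    A high distinct-username ratio separates stuffing (many accounts, one
    guess each) from password brute-forcing (one account, many guesses).
    """
    flagged = {}
    for ip, s in summarize_by_ip(log_text).items():
        if s["attempts"] < min_attempts:
            continue
        distinct_ratio = len(s["users"]) / s["attempts"]
        success_rate = s["successes"] / s["attempts"]
        if distinct_ratio >= min_distinct_ratio and success_rate <= max_success_rate:
            flagged[ip] = (f"{s['attempts']} attempts across {len(s['users'])} "
                           f"usernames, {s['successes']} succeeded")
    return flagged


def compromised_accounts(log_text, flagged_ips):
    """Usernames that logged in successfully from a flagged source: these are
    the reused-password victims whose passwords should be reset."""
    return sorted(user for _, ip, user, ok in parse(log_text)
                  if ok and ip in flagged_ips)


if __name__ == "__main__":
    hits = flag_credential_stuffing(SAMPLE_LOG)
    for ip, why in hits.items():
        print(f"{ip}: {why}")
    print("force reset for:", compromised_accounts(SAMPLE_LOG, hits))
```

In the sample, 203.0.113.7 tries ten different usernames in five seconds and gets two of them right, which is the stuffing signature; 198.51.100.4 is a single user fumbling their own password and is not flagged. The two successful logins from the flagged source are the accounts whose owners reused a breached password, and the right response is a forced reset and a notification, not just blocking the IP.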


Homer Simpson loves donuts, so he signs up for a DD Perks account. Unfortunately, his email ([email protected]) and password (D’ohnuts!!!) are the same pair he used on the site that was breached first. Most likely Homer either didn’t bother to create and remember a new password, or he simply didn’t know that doing so is an important part of his personal security.
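A site (or a password manager) can refuse a password like Homer's before it is ever reused, by checking it against known breach data without revealing the password to the checking service. The block below is an added example for this article, not FRSecure's or Dunkin's code. It mirrors the k-anonymity range query used by the Have I Been Pwned "Pwned Passwords" service: the client sends only the first five hex characters of SHA-1(password) and receives every known suffix under that prefix, then compares locally. The breach corpus here is a tiny constructed list (Homer's password included), and the minimum-length policy is an assumption.

```python
"""Check a candidate password against a breached-password corpus without
sending the password (or its full hash) to the checking service.

Added example for this article, not FRSecure's or Dunkin's code. Mirrors the
Have I Been Pwned k-anonymity range query: client sends a 5-hex-char SHA-1
prefix, server returns all suffixes under it, client compares locally.
The corpus below is constructed, not real breach data.
"""
import hashlib
from collections import defaultdict

# Constructed "previous breach" corpus: passwords an attacker already holds.
BREACH_CORPUS = [
    "password", "123456", "qwerty", "letmein", "dunkin123",
    "D'ohnuts!!!",   # Homer's reused password from the article's scenario
]


def sha1_hex(password):
    """Uppercase hex SHA-1 of the password, as the range API expects."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus):
    """Server side: index breached hashes by 5-char prefix -> {suffix: count}."""
    index = defaultdict(lambda: defaultdict(int))
    for pw in corpus:
        h = sha1_hex(pw)
        index[h[:5]][h[5:]] += 1
    return index


RANGE_INDEX = build_range_index(BREACH_CORPUS)


def range_lookup(prefix):
    """Server side: return {suffix: count} for every breached hash under the
    5-char prefix. The server never learns which suffix the client wanted."""
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly 5 hex characters")
    return dict(RANGE_INDEX.get(prefix.upper(), {}))


def breach_count(password, lookup=range_lookup):
    """Client side: how many times the password appears in the corpus (0 = unseen).
    Only the prefix leaves the client; the full hash is compared locally."""
    h = sha1_hex(password)
    prefix, suffix = h[:5], h[5:]
    return lookup(prefix).get(suffix, 0)


def accept_password(password, min_length=12):
    """Policy a signup form could apply (assumed policy). Returns (ok, reason).
    The breach check runs first so a reused password is named as such."""
    n = breach_count(password)
    if n:
        return False, f"appears in known breach data ({n} time(s)); pick a new one"
    if len(password) < min_length:
        return False, f"shorter than {min_length} characters"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ["D'ohnuts!!!", "unique7", "correct horse battery staple"]:
        ok, reason = accept_password(candidate)
        print(f"{candidate!r}: {'accepted' if ok else 'rejected'} ({reason})")
```

Against the real service the `range_lookup` call becomes an HTTPS GET of the prefix, but the property that matters is the same: the server sees a prefix shared by hundreds of unrelated passwords, so the check does not itself become a way to leak the password. Running this at signup and at password change is the server-side counterpart to telling users not to reuse passwords.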

Mistakes like Homer’s affect more than just him. As a business owner or leader, this has scary implications for you as well. If your employees reuse easy-to-remember passwords across their personal accounts, they are likely bringing the same habits to the office. Every work application they log in to with a reused password puts your company in the crosshairs the next time one of their personal sites is breached, and it’s just a matter of time before you are the victim of an attack.

Break the Mold

So, what do you do as an individual? What can you tell your employees about passwords so that they aren’t bringing you unnecessary or added vulnerabilities?

Password management and creation can be overwhelming. With a million passwords for all the stuff you need to keep track of, it can feel more like a chore than a necessary part of keeping your data safe. But there are ways to use a different password for every site in a way you can live with, such as a password manager, which generates unique passwords and stores them somewhere that is not easily accessible to people who’d like to steal your information.

Here are some password tips and tricks to help you tackle this issue.

Give your employees training on ways that they can better protect themselves and your business by contacting FRSecure.


Jim Nash
Information Security Evangelist at FRSecure
Jim's experiences in both politics and the InfoSec industry have cultivated him into a strong and animated communicator that has the ability to crystallize difficult concepts into digestible ideas. These skills and experiences have morphed him into a cybersecurity and information security evangelist, focusing on publicizing the need for organizations to make cyber threats a business liability and not just an IT problem.
