Dell, Dunkin Donuts Reset Passwords After Incidents
Dell and Dunkin Donuts have both initiated password resets after experiencing separate security incidents that appeared aimed at gaining access to customer accounts.
Dell says it detected an incident on Nov. 9 in which attackers sought names, email addresses and hashed passwords. Dunkin Donuts says its issues likely involved the reuse of leaked credentials from other breaches in order to take over DD Perks accounts, the company's rewards and gift card program.
As a result, both companies opted for password resets with the hope that customers won't recycle ones that they've already used on other services. Reusing passwords fuels so-called "credential stuffing" attacks, in which attackers use leaked sets of credentials to see what other accounts can be unlocked.