Dunkin Donuts has suffered its second credential-stuffing attack in three months. Names, email addresses, account numbers and QR codes were potentially exposed. Hackers can sell the account s credentials, or offer direct access to the accounts to people that go on to use the stored value, coupons, points and so on contained in them for themselves. The company has forced a password reset that requires all of the potentially impacted DD Perks account holders to log out and log out using a new password.
Source: https://threatpost.com/dunkin-credential-stuffing/141754/