Dunkin' is warning customers that its mobile order and pay app "DD Perks" may have been hacked.
The coffee and doughnut chain's parent company, Dunkin' Brands, revealed Thursday that some usernames and passwords were obtained by third parties, gaining them access to some customers' first and last names, their email addresses and their Perks account number.
The company said it did not experience a security breach, but third parties had accessed customers' usernames and passwords from other companies' breaches and used that information to log into some DD Perks accounts.
Dunkin' was made aware of the breach on Oct. 31 by one of its security vendors but did not disclose how many accounts were compromised.
The company told CNBC that "only a small percent" of accounts were possibly affected.
Dunkin' said it has launched an internal investigation and has forced a password reset that required all potentially impacted DD Perks members to log out and log back into their accounts using a new password.
The company suggests that guests make unique passwords for their account and not reuse passwords from other online accounts.