- The attackers breached 195,095 accounts with valid credentials, which allowed them to gather customer information.
- The North Face reset all user passwords and all payment card tokens are wiped after the investigation.
- The company stated that they do not keep a copy of payment card details, thus users’ credit cards are not at risk.
The popular outdoor apparel brand, The North Face suffered a credential stuffing attack. As a result, approximately 200,000 accounts are hacked on the company’s official website. The credential stuffing attack means that attackers are using either email addresses and usernames and password combinations gathered from data breaches to hack into accounts. Thus, users who are using the same username/email and password combination in multiple services are at extra risk.
Credential stuffing
The investigation showed that the attack started on the 26th of July, however, the admins could detect the unusual activity almost two weeks later, on August 11. Finally, the company managed to stop the attack on August 19. The attackers breached 195,095 accounts with valid credentials, which allowed them to gather customer information like full name, purchase history, billing and shipping address, telephone number, account creation date, gender, and XPLR Pass reward record.
The company also confirmed that users’ credit card data are not at risk. The company’s parent firm, VF Corporation stated that they do not keep a copy of payment card details. The company only retains a “token” linked to the payment card, and only our third-party payment card processor keeps payment card details. This token can not be used anywhere else to initiate a purchase.
After the incident, The North Face reset all user passwords and all payment card tokens are wiped. Users need to enter a new password and provide the payment card details again to make a purchase. In the breach notification, the company also said,
« Please change your password at thenorthface.com and other sites where you use the same password. We strongly encourage you not to use the same password for your account at thenorthface.com that you use on other websites. If a breach occurs on one of those other websites, an attacker could use your email address and password to access your account at thenorthface.com. In addition, we recommend avoiding using easy-to-guess passwords. You should also be on alert for schemes known as “phishing” attacks, where malicious actors may pretend to represent The North Face or other organizations. You should not provide your personal information in response to any electronic communications regarding a cybersecurity incident. »