The North Face website suffered a credential stuffing attack

Retail giant The North Face has reset the passwords for some of its customers in response to a successful credential stuffing attack.

Outdoor retail giant The North Face has forced a password reset for a number of its customers following a successful credential stuffing attack that took place on October 8th and 9th.

Credential stuffing attacks involve botnets to try stolen login credentials usually obtained through phishing attacks and data breaches. This kind of attack is very efficient due to the bad habit of users of reusing the same password over multiple services.

The threat actors were able to gain access to the accounts of several customers and related personal information. Attackers targered accounts resistered to thenorthface.com website.

“We care about the security of your personal information, and we are writing to tell you that we have discovered evidence of unauthorized access to some of your personal information. On October 9, 2020, we were alerted to unusual activity involving our website, thenorthface.com, that prompted us to investigate immediately.” reads a notice of data breach issued by the company. “Following a careful investigation, we concluded that a credential stuffing attack had been launched against our website on October 8 and 9, 2020.”

Exposed data included customers’ names, birthdays, telephone numbers, billing and shipping addresses, purchased products, favorited products, email addresses, VIPeak customer loyalty point total.

The company launched an investigation into the security breach and determined that the attacker previously gained access to customers credentials from a source differed from The North Face and
used them to access accounts on thenorthface.com.

The company pointed out that the attackers were not able to view customers’ financial data.

“If you saved your payment card (credit, debit or stored value card) to your account on thenorthface.com, the attacker was not able to view your payment card number, expiration date, nor your CVV (the short code on the back of your card), because we do not keep a copy of that information on thenorthface.com. We only retain a “token” that we have linked to your payment card, and only our third-party payment card processor retains payment card details.” continues the notice. “The token cannot be used to initiate a purchase anywhere other than on thenorthface.com. Accordingly, your credit card information is not at risk as a result of this incident.”

The attack also resulted in “unauthorized purchases” that were made on thenorthface.com site, and the company offered refunds for any unauthorized purchases.

The company disabled all passwords from accounts that were accessed by hackers and erased all payment card tokens from all accounts on
thenorthface.com.

Impacted users will be asked to enter their payment information again and create new passwords next time they will access their accounts on the company’s website.

“Please change your password at thenorthface.com and at all other sites where you use the same password. In addition, we recommend avoiding using easy-to-guess passwords.” concludes the company.

“We strongly encourage you not to use the same password for your account at thenorthface.com that you use on other websites, because if one of those other websites is breached, your email address and password could be used to access your account at thenorthface.com.”

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, The North Face)

[adrotate banner=”5″]

[adrotate banner=”13″]