Outdoor retail giant The North Face has disclosed a credential stuffing attack that took place last month and has reset the passwords of an undisclosed number of customers.
In a credential stuffing attack, the threat actors use large collections of username/password combinations that were leaked in previous security breaches to get access to user accounts on other online platforms.
The attack succeeds mainly against users who reuse the same credentials for multiple online accounts on several sites.
According to a data breach notification sent by the company, the attackers managed to get access to different types of personal information stored on customers’ accounts at thenorthface.com.
The affected information includes customers’ names, birthdays, telephone numbers, billing and shipping addresses, purchased or favorited products, and email preferences.
However, the threat actor was not able to view any credit or debit card numbers, expiration dates, or CVVs, as such information is not stored on thenorthface.com.
A spokesperson said that the site only stores a ‘token’ which cannot be used to initiate purchases anywhere other than thenorthface.com.
Even though the breach notification sent to impacted users does not mention it, an official statement indicates that in some cases “unauthorized purchases” were also made on thenorthface.com.
The company said it has offered full refunds for any unauthorized purchases on thenorthface.com, and stated that all customers who could have been impacted were sent an official notification.
After noticing suspicious activity involving the thenorthface.com website and becoming aware of the attack, the company immediately implemented security measures to limit the rate of account logins from sources that are suspicious or that show a suspicious pattern.
As a precautionary measure, it has also disabled all passwords for accounts that were accessed during the attack.
The company also deleted all tokens associated with customer payment cards for all thenorthface.com accounts.
The affected customers will be asked to enter their payment information again and create new passwords the next time they visit the website.
The North Face advises all customers to change their passwords at the company's online store as well as at other stores where they use the same password. It also recommends not using easy-to-guess passwords.
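The login-rate limiting by suspicious source or pattern described above can be sketched as follows. This is an added example, not The North Face's code: it flags a source that tries many distinct accounts in a short window with mostly failed logins, which separates stuffing from one customer mistyping a password. The thresholds, names and sample log are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds (not from the article); tune against real traffic.
WINDOW_SECONDS = 300     # look-back window per source
MAX_DISTINCT_USERS = 5   # distinct accounts one source may try in the window
MIN_FAILURE_RATIO = 0.8  # share of failed attempts that marks the pattern


class StuffingDetector:
    """Tracks recent login attempts per source address (hypothetical helper)."""

    def __init__(self, window=WINDOW_SECONDS, max_users=MAX_DISTINCT_USERS,
                 min_fail_ratio=MIN_FAILURE_RATIO):
        self.window = window
        self.max_users = max_users
        self.min_fail_ratio = min_fail_ratio
        self.events = defaultdict(deque)  # source -> (ts, username, success)

    def observe(self, ts, source, username, success):
        """Record one attempt; return True if the source should be throttled."""
        q = self.events[source]
        q.append((ts, username, success))
        while q and q[0][0] <= ts - self.window:  # drop attempts outside window
            q.popleft()
        users = {u for _, u, _ in q}
        failures = sum(1 for _, _, ok in q if not ok)
        # Many accounts AND mostly failures: a shared office NAT with many
        # successful logins stays below the failure ratio and is not flagged.
        return (len(users) > self.max_users
                and failures / len(q) >= self.min_fail_ratio)


def flagged_sources(log):
    """Replay (ts, source, username, success) records; return flagged sources."""
    det, flagged = StuffingDetector(), set()
    for ts, source, username, success in sorted(log):
        if det.observe(ts, source, username, success):
            flagged.add(source)
    return flagged


# Constructed sample log using documentation-range addresses.
SAMPLE_LOG = (
    # One customer mistyping their own password, then succeeding.
    [(1000 + i * 10, "198.51.100.7", "alice@example.com", i == 3) for i in range(4)]
    # One source cycling through 20 different accounts, one lucky hit.
    + [(1000 + i * 2, "203.0.113.9", f"user{i}@example.com", i == 17) for i in range(20)]
)

if __name__ == "__main__":
    print(flagged_sources(SAMPLE_LOG))
```
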