Threat Watch

Credential Stuffing Attack Leaves The North Face Customers At Risk

The North Face has announced a security incident that was noticed by their security team on August 11. The credential stuffing attack was carried out for nearly a month, from July 26 to August 19.  Although it is common for attackers to target payment information when breaching online retail accounts, The North Face has assured that they do not store payment information on their site. The online store only captures a tokenized version of the payment information that cannot be accessed directly from the account. However, other information could have been accessed including purchase history, billing and shipping address, preferences, email address, first and last name, date of birth, telephone number, unique North Face ID number, gender, and XPLR Pass reward records. The North Face removed the payment tokens and forced password resets for account holders. This will cause customers to create a new password and re-enter their payment information upon login and making an online purchase.

ANALYST NOTES

Due to the extent of the information that was potentially accessed, the threat actors who obtained it could carry out realistic phishing attacks and possible identity fraud. North Face account holders should be vigilant moving forward and report any suspicious emails or other activity to the proper parties. Reusing passwords can pose a major security risk and is never recommended. If North Face account holders have reused their password on other platforms, it should be changed immediately.

https://www.infosecurity-magazine.com/news/north-face-credential-stuffing/