Outdoor retail manufacturer The North Face has forced a password reset for an undisclosed number of customers after they suffered a successful credential stuffing attack that took place on October 9th, 2020. A credential stuffing attack is when attackers use a large collection of stolen username/password combinations to gain access to other online platforms. These attacks work very well against users who reuse their login credentials across several sites with the end goal of stealing as much sensitive information as possible. In the notice of data breach released by The North Face, they state that impacted information includes but is not limited to customer names, birthdays, telephone numbers, billing and shipping addresses, favorite or purchased items, and email preferences. A company spokesman stated, “The perpetrator was not able to view any credit or debit card numbers, expiration date, nor CVVs, because that information is not kept on copy on thenorthface.com.” After the breach was found, the company implemented security measures to limit the account login rate from suspicious sources or showing suspicious patterns.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security