Threat Watch

North Face Suffers Credential Stuffing Attack

Outdoor retail manufacturer The North Face has forced a password reset for an undisclosed number of customers after they suffered a successful credential stuffing attack that took place on October 9th, 2020. A credential stuffing attack is when attackers use a large collection of stolen username/password combinations to gain access to other online platforms. These attacks work very well against users who reuse their login credentials across several sites with the end goal of stealing as much sensitive information as possible. In the notice of data breach released by The North Face, they state that impacted information includes but is not limited to customer names, birthdays, telephone numbers, billing and shipping addresses, favorite or purchased items, and email preferences. A company spokesman stated, “The perpetrator was not able to view any credit or debit card numbers, expiration date, nor CVVs, because that information is not kept on copy on thenorthface.com.” After the breach was found, the company implemented security measures to limit the account login rate from suspicious sources or showing suspicious patterns.

ANALYST NOTES

In an effort to additionally help secure their clients, The North Face has removed saved payment information for all impacted users. Affected users will have to create new login credentials and reenter their payment information on their next visit to the company’s website. It cannot be stressed enough that it is necessary to create unique passwords for each site that are long and random, using a password manager rather than memory to keep track of login information. For any site that allows it, setting up Multi-Factor Authentication (MFA) is an excellent step to secure accounts even if an attacker gets the password. These passwords should never be used for any other login.

Source article: https://www.bleepingcomputer.com/news/security/the-north-face-resets-passwords-after-credential-stuffing-attack/