The North Face confirmed that its website, thenorthface.com, was impacted by a large-scale “credential stuffing attack” that resulted in the hacking of 194,905 customer accounts.
In a notification sent to customers who may have had information exposed in the attack, The North Face said that on August 11, 2022, it detected unusual activity on its corporate e-commerce website.
Following an investigation, the brand concluded that attackers launched a credential-stuffing attack against its site between July 26 and Aug. 19, 2022. A “credential stuffing attack” is a type of cybersecurity attack where the attacker uses account authentication credentials, such as email addresses, usernames and passwords, often obtained from another source, such as a breach of another company, to gain unauthorized access to accounts.
The North Face said it believes that the attackers obtained email addresses and passwords of some customers and may have also accessed the information stored on customer accounts, including customer first and last name, date of birth, billing and shipping address(es), telephone number(s), unique TNF customer ID numbers, gender, date an account was created, reward member records, products purchased on the site, and customer preferences.
Following the credential stuffing attack, the North Face reset all users’ passwords and wiped all payment tokens on accounts accessed by the hackers. Its parent company, VF Corp., has also sent all customers notices of the data breach and recommended changing passwords on any other accounts that use the same as the user’s North Face account.
“You should also be on alert for schemes known as ‘phishing’ attacks, where malicious actors may pretend to represent The North Face or other organizations. You should not provide your personal information in response to any electronic communications regarding a cybersecurity incident,” it added.
Photo courtesy The North Face