Outdoor apparel ‘The North Face’ lost over 200K data to hackers

September 8, 2022
Outdoor Apparel The North Face US Compromised Data Hackers Credential Stuffing Intrusion

One of the most popular outdoor apparel firms, ‘The North Face,’ had recently suffered from a cyberattack incident involving threat actors launching credential stuffing on their website. This incident caused a compromise to over 194,000 user accounts on the outdoor apparel firm’s official website.

During credential stuffing campaigns, the hackers attempt to intrude into user accounts of websites using credentials, such as email addresses, usernames, and passwords, they have acquired from other data breach incidents.

While the attack on the outdoor apparel firm initially commenced last July 26, its website admins only detected unusual activity on August 11. Subsequently, the firm’s security team immediately began mitigation measures until they obstructed it on August 19.

 

Based on investigations, the cyberattack allowed threat actors to hack into user accounts on the outdoor apparel firm’s website, compromising massive critical information of customers.

 

These compromised customer data include full names, billing and shipping addresses, purchase histories, contact numbers, genders, account creation dates, and XPLR Pass reward records.

Fortunately, The North Face confirmed that their customers’ financial information was not included in the hack since these sensitive banking details are not stored on their website.

The outdoor apparel firm’s parent company, VF Corporation, had begun notifying affected customers through email. In addition to the measures applied, user account passwords were all reset, and all of the customers’ payment card tokens that had been hacked were deleted.

Because of these incident response mitigations, all affected customers must register new passwords on their North Face accounts and re-enter their banking information. To ensure that the same incident is avoided in the future, users must establish a stronger and longer password combination.

Hackers mostly succeed in credential stuffing campaigns when users keep on reusing their passwords on all of their accounts online. Account compromises could be avoided if users will begin applying unique passwords to their accounts on different platforms, making them strong and not easy to guess.

In November 2020, The North Face also implemented a wide-scale password reset on their website because of the same cyberattack incident concerning credential stuffing.

About the author