The North Face warns customers of credential stuffing
The North Face notified its customers that their accounts may have been subject to a credential stuffing attack. The company claims that the attackers could not get the full payment card details as the company does not keep a copy of the payment, but they may have access to the customer’s other personal information such as purchase history, name, and date of birth, among others.
Following an unusual activity detected by the clothing company in August, The North Face notified its customers that their accounts may have been subject to a credential stuffing attack. Essentially, credential stuffing exploits consumers’ passwords, run them through automated software and then attempt to access other website and applications. Hackers typically use such personal information to resell access on the dark web or make other fraudulent purchases. The North Face claims that the attackers could not get the full payment card details as the company does not keep a copy of the payment. Instead, the company warned that hackers may have been able to access information including, ‘purchase history, billing and shipping access, preferences, email address, first and last name, date of birth, telephone number, unique North Face ID number, gender, and XPLR Pass reward records’. The company is investigating the incident and claims that it has disabled passwords and erased payment card tokens from affected accounts.