Tons of North Face customer accounts were reportedly hacked and many personal data were stolen. Close to 200,000 accounts of North Face have been hit in credential stuffing attacks.
Tons of North Face Customer Accounts Reportedly Hacked
North, an outdoor clothing brand has now been hit by a major cyberattack as per many reports. The attack has seen close to 200,000 accounts of customers hacked.
The company recently confirmed that its thenorthface.com website was impacted by a large-scale credential stuffing attack that has therefore resulted in the hacking of its 194,905 customer accounts. The attackers were able to get their hands on user mail addresses and passwords and also personal information that is stored on accounts. It however appears that no payments or card data were affected.
North Face Is At the Moment Contacting Customers That Were Affected
The company as of now is contacting customers that were affected by the attack and then informing them of the incident, instructing them on how to immediately update their passwords.
The North Face in a reach notification document told its customers that it had detected ‘unusual activity’ on its website on august 11 2022. The company found out that attackers had launched a credential stuffing attack against the website at some point between July 26 and august 19, 2022 following an investigation.
How Credential Stuffing Attacks Work
Credential stuffing attacks normally see criminals make use of login or authentication details such as email addresses and passwords taken from previous data breaches or leaks in a bid to find other accounts to log in to.
And in this case, The North Face confirmed the attackers would have been able to access details such as full names, purchase history, billing and shipping addresses, telephone numbers, and even gender.
No payment details fortunately were stored on the website. That being said, all credit and debit card data remained safe.
What the Company Has To Say about the Attack
“We do not keep a copy of payment card details on thenorthface.com. We only retain a “token” linked to your payment card, and only our third-party payment card processor keeps payment card details,” the company cited. “The token cannot be used to initiate a purchase anywhere other than on thenorthface.com.”
User accounts and passwords that were affected have been reset, with users being instructed to select strong and unique passwords that have not been used on any other platforms or websites.