Credential Stuffing Attack On The North Face
Table of Contents
- By Steven
- Sep 22, 2022
The North Face is an outdoor apparel company owned by VF Corporation. They are known for their winter clothing and outerwear that protects people from some of the coldest weather on the planet. Its sister companies include Altra, Kipling, Dickies, Van's, etc.
On July 6th, 2022, a breach began on The North Face's website. The breach was discovered on August 11th, 2022, and was stopped on August 19th, 2022. The breach has affected almost 200,000 North Face customers.
How Did the Attack Occur?
The attack was made through a method called credential stuffing. Credential stuffing is when an unauthorized party uses a different data breach's stolen email addresses and passwords to access a specific person's account. This relies entirely on password recycling, where you use the same password for multiple accounts. While it took over a month to note the strange activity on the site,
The North Face did everything in its power to shut down the breach quickly and efficiently. It took the company just over a week to note how many affected customers there were, 194,905, but as soon as possible, it reset every compromised password and removed the payment method from the accounts.
What Information Was Viewed or Stolen?
The accessed information included but was not limited to the affected consumers' full name, gender, address, purchase history, and phone numbers. “We do not keep a copy of payment card details on thenorthface.com. We only retain a “token” linked to your payment card, and only our third-party payment card processor keeps payment card details,” the breach notification letter (source Bleeping Computer) said.
The North Face has assured customers that none of their financial information was accessed in the breach. "The token cannot be used to initiate a purchase anywhere other than on thenorthface.com."
How Did North Face Admit to the Breach?
The North Face began to send notification letters to affected customers in August of 2022, notifying North Face and Van's customers of the leak. They explained the courses of action they were taking and what the customers could do to keep themselves safe.
They also explained that while no credit or debit card information was affected or stolen, anyone using thenorthface.com would need to verify their payment information before making another purchase.
What Will Become of the Stolen Information?
At this point, hackers can use the stolen data on any website that shares any information with thenorthface.com. The hackers will likely use the same credential stuffing method on other sites; who knows how much of the leaked data they could have. Changing and resetting passwords and emails is the best and safest thing the affected individuals could do.
What Should Affected Parties Do in the Aftermath of the Breach?
Privacy advocate at Comparitech, Paul Bischoff, stated that the attackers won't stop at The North Face. "If you have a North Face account and it has a password that's the same as other account passwords, you should change all of them immediately."
It's recommended to reset the password of all accounts that share login credentials with infiltrated accounts at thenorthface.com. In addition, they should remain on guard for phishing attacks attempting to take personal information. Hackers may act as a North Face employee by using stolen information.