A credential-stuffing attack on The North Face has forced the US-based outdoor retailer to disable the account passwords of an undisclosed number of online customers.
According to a data breach notification letter sent to impacted shoppers, the incident was discovered last month. “On October 9, 2020, we were alerted to unusual activity involving our website, thenorthface.com, that prompted us to investigate immediately,” the message reads. “Following a careful investigation, we concluded that a credential stuffing attack had been launched against our website on October 8 and 9, 2020.”
In credential-stuffing attacks, cybercriminals use previously leaked or breached login credentials (username and password) to gain access to additional online accounts and exfiltrate sensitive data such as credit card and personal information.
In most cases, credential-stuffing attacks occur when individuals use the same username and password combination to setup various online accounts.
“Based on our investigation, we believe that the attacker previously gained access to your email address and password from another source (not from The North Face) and subsequently used those same credentials to access your account on thenorthface.com,” the company added.
The information viewed by the perpetrators includes:
• Merchandise purchased on thenorthface.com
• Products saved in the “favorites” section of the account
• Billing and shipping address
• VIPeak customer loyalty point total
• Email preferences
• First and last name
• Date of birth (if saved on the account)
• Telephone number (if entered and saved on the account)
The merchant emphasized that no credit card information is at risk. “The attacker was not able to view your payment card number, expiration date, nor your CVV (the short code on the back of your card) because we do not keep a copy of that information on thenorthface.com,” The North Face said. “We only retain a “token” that we have linked to your payment card, and only our third-party payment card processor retains payment card details. The token cannot be used to initiate a purchase anywhere other than on thenorthface.com.”
To safeguard shoppers’ personal information, all impacted user account passwords accessed October 8-9 were disabled, and all payment card tokens deleted.
Shoppers are urged to create a unique password when they log in to their online account and re-enter their payment details when purchasing. To protect against further misuse of their online accounts, users are encouraged to reset the password for any account that used the same login credentials as thenorthface.com.
Impacted individuals should also be wary of phishing emails leveraging the incident. Never provide personal or financial information to individuals contacting you via email, social media or text messages.
It’s never a bad idea to also monitor your financial accounts for suspicious activity and enable credit card alerts. These small steps can reduce the probability of identity theft and fraud.