Outdoor retail giant The North Face has reset the passwords of an undisclosed number of customers following a successful credential stuffing attack that took place last month, on October 9th.
Credential stuffing is a type of attack where threat actors make use of large collections of username/password combinations that were leaked in previous security breaches to gain access to user accounts on other online platforms.
Such attacks work particularly well against users who reuse their credentials for multiple online accounts on several sites.
The attackers' end goal is to gain access to as many accounts as possible on the targeted site and to steal sensitive information, steal money, or take over the identities of the account owners.
No payment information accessed in the attack
The attackers were able to gain access to various types of personal information stored on customers’ accounts at thenorthface.com, according to a notice of data breach sent to affected clients.
Potentially impacted information that may have been accessed via compromised accounts includes but is not limited to customers’ names, birthdays, telephone numbers, billing and shipping addresses, purchased or favorited products, and email preferences.
“The perpetrator was not able to view any credit or debit card numbers, expiration data, nor CVVs, because that information is not kept on copy on thenorthface.com,” a company spokesperson told BleepingComputer.
“The site only stores a ‘token’ which cannot be used to initiate purchases anywhere other than thenorthface.com.”
While the breach notification sent to impacted users does not mention it, an official statement hints at the fact that, in some cases, “unauthorized purchases” were also made on thenorthface.com.
“We have offered full refunds for any unauthorized purchases on thenorthface.com, and all customers who could have been impacted were sent official notification,” BleepingComputer was told.
Passwords reset, all stored payment tokens deleted
Immediately after detecting the attack, having noticed suspicious activity involving the thenorthface.com website, the company implemented security measures to limit the account login rate from sources that are suspicious or that show a suspicious pattern.
“As a further precaution, we disabled all passwords from accounts that were accessed during the timeframe of the attack,” customers were also told.
The North Face also deleted all tokens associated with customer payment cards for all thenorthface.com accounts.
Impacted users will be asked to enter their payment information again and create new passwords next time they visit the company’s online store.
“Please change your password at thenorthface.com and at all other sites where you use the same password,” The North Face says later in the breach notification. “In addition, we recommend avoiding using easy-to-guess passwords.”
“We strongly encourage you not to use the same password for your account at thenorthface.com that you use on other websites, because if one of those other websites is breached, your email address and password could be used to access your account at thenorthface.com.”
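An added example, not from the article or from The North Face: one way to limit logins from sources "showing a suspicious pattern", keyed on how many distinct accounts a source has failed against rather than on failures per account, since credential stuffing typically tries each leaked pair only once. The window, threshold, class and function names, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 300     # assumed look-back window
MAX_DISTINCT_USERS = 5   # assumed limit on distinct accounts failing per source


class StuffingLimiter:
    """Throttle a source once it has failed logins for many *different* accounts."""

    def __init__(self, window=WINDOW_SECONDS, max_users=MAX_DISTINCT_USERS):
        self.window = window
        self.max_users = max_users
        self.failures = defaultdict(deque)  # source -> deque[(timestamp, username)]

    def allow(self, source, now):
        q = self.failures[source]
        while q and now - q[0][0] > self.window:  # expire old failures
            q.popleft()
        return len({user for _, user in q}) < self.max_users

    def record_failure(self, source, username, now):
        self.failures[source].append((now, username.strip().lower()))


def replay(events, limiter=None):
    """Feed (timestamp, source, username, password_ok) tuples through the limiter.

    Returns {source: number of attempts rejected before any password check}.
    """
    limiter = limiter or StuffingLimiter()
    throttled = defaultdict(int)
    for ts, source, username, password_ok in events:
        if not limiter.allow(source, ts):
            throttled[source] += 1
            continue
        if not password_ok:
            limiter.record_failure(source, username, ts)
    return dict(throttled)


# Constructed sample: one source walks a list of accounts, another is a single
# customer mistyping their own password (addresses are documentation ranges).
SAMPLE = [(i * 2, "203.0.113.7", f"user{i}@example.com", False) for i in range(8)]
SAMPLE += [(i * 3, "198.51.100.20", "alice@example.com", False) for i in range(6)]
SAMPLE.sort()

if __name__ == "__main__":
    print(replay(SAMPLE))
```

A per-account lockout alone would miss the first source, because no single account sees more than one failure; the customer retrying their own password is never throttled here.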