North Face suffered a “credential stuffing attack” on its corporate e-commerce website on August 11, 2022, exposing customer information.
After investigating the attack, North Face determined that the attackers had logged in to close to 200,000 accounts using valid credentials, potentially accessing the following customer information:
- Full name
- Purchase history
- Billing address
- Shipping address
- Telephone number
- Account creation date
- Gender
- XPLR Pass reward records
Payment details like credit card data are not stored on the website. Thus, the attackers could not access sensitive financial information.
"We do not keep a copy of payment card details on thenorthface.com. We only retain a 'token' linked to your payment card, and only our third-party payment card processor keeps payment card details," explains the firm in the breach notification.
"The token cannot be used to initiate a purchase anywhere other than on thenorthface.com."
The brand’s parent firm, VF Corporation (formerly Vanity Fair Mills), is sending notices to impacted customers in response to the security incident.
All user passwords have been reset, so customers with an account on the website must enter a new password.
All payment card tokens on accounts accessed by the intruders were wiped, so those customers must re-enter their payment card details to make a purchase.
These users are expected to pick a unique, strong password and resist the convenience of reusing credentials.