Clothing Company ‘North Face’ Hit by Credential Stuffing Attack
The website of clothing company ‘North Face’ faced a credential stuffing attack, and the company has reset its customers’ credentials. In a recent cybersecurity incident, North Face informed its customers that it had suffered a data breach attack.
On its website, customers can browse the clothing and accessories collection and buy apparel; they can also earn loyalty points on purchases. Further inquiry revealed that hackers attacked The North Face on 8th and 9th October.
The North Face says, “we strongly encourage you not to use the same password for your account at North Face’s website that you use on other websites because if one of those other websites is breached, your email address and password could be used to access your account at North Face’s website. Besides, we recommend avoiding using easy-to-guess passwords.”
In credential stuffing, hackers target users who reuse their login credentials across different accounts or platforms. The hackers take IDs and passwords stolen in other attacks, for instance a data breach, and use those stolen credentials to gain unauthorized access to websites. The entire process is mostly automated, and hackers have since modified their strategies and gained leverage in these types of attacks.
Hackers have been successful in stealing data from prominent organizations like Dunkin' Donuts, which suffered two cyberattacks in three months.
As per the investigation, The North Face believes it is probable that the hackers stole user credentials from another source or website and used that information to attack the company’s user accounts. According to StatSocial, The North Face leads the U.S. market in the clothing and accessories segment, generating $2 billion of the total $4 billion revenue in 2019.
The company didn’t reveal the number of customers attacked; however, SimilarWeb says that The North Face website had 6.96 million customers in October. “We do not believe that the attacker obtained information from us that would require us to notify you of a data security breach under applicable law, but we are notifying you of the incident voluntarily, out of an abundance of caution,” says The North Face.
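Because the process is automated, it leaves a recognizable trace in login logs: one source trying many different accounts with mostly failed attempts. The sketch below is an added example, not code from The North Face or from this article; the log format, thresholds, addresses and account names are all assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
MIN_USERS = 5                   # assumed: distinct accounts tried by one source
MIN_FAIL_RATIO = 0.8            # assumed: share of attempts that fail

def parse(line):
    """Parse 'ISO-timestamp source-ip username OK|FAIL' (hypothetical log format)."""
    ts, ip, user, outcome = line.split()
    return datetime.fromisoformat(ts), ip, user, outcome == "FAIL"

def detect_stuffing(lines):
    """Map each flagged source IP to the accounts it logged in to successfully."""
    by_ip = defaultdict(list)
    for line in lines:
        ts, ip, user, failed = parse(line)
        by_ip[ip].append((ts, user, failed))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most WINDOW.
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            window = events[start:end + 1]
            users = {u for _, u, _ in window}
            fail_ratio = sum(f for _, _, f in window) / len(window)
            if len(users) >= MIN_USERS and fail_ratio >= MIN_FAIL_RATIO:
                # Many accounts, mostly failures: treat every success from
                # this source as a takeover candidate needing a reset.
                flagged[ip] = sorted({u for _, u, f in events if not f})
                break
    return flagged

def sample_log():
    """Constructed sample data using documentation IP ranges."""
    t0 = datetime(2024, 1, 1, 3, 0, 0)
    stamp = lambda s: (t0 + timedelta(seconds=s)).isoformat()
    lines = [f"{stamp(2 * i)} 203.0.113.7 user{i:02d}@example.com "
             f"{'OK' if i == 7 else 'FAIL'}" for i in range(12)]
    # One customer mistyping a password twice, then succeeding.
    lines += [f"{stamp(60 * i)} 198.51.100.20 alice@example.com {o}"
              for i, o in enumerate(["FAIL", "FAIL", "OK"])]
    # Shared office address: many accounts, all successful.
    lines += [f"{stamp(30 * i)} 198.51.100.50 staff{i}@example.com OK" for i in range(6)]
    return lines

if __name__ == "__main__":
    print(detect_stuffing(sample_log()))
```

Counting per source address misses attempts spread across many addresses, so the same grouping is usually repeated on other keys as well.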