The North Face, an American outdoor recreation product company, disclosed a data breach last month. The company said attackers had used credential stuffing to access some of its customers' accounts on thenorthface.com.

In response, the company reset all affected accounts and informed the customers concerned. It also assured them that no payment data was accessed.

Do Not Use Same Credentials Across All Online Accounts

Using the same login credentials (username and password) across all online accounts is a bad practice, since an attacker who learns those credentials once can breach every related account. An attacker used this method on The North Face's website and was able to view the PII of some customers.

The North Face Disclosed Data Breach, Resets Account Passwords

According to the breach notification The North Face sent to its users, the company's online site was attacked last month by someone who used credential stuffing to gain access to customers' accounts.

Credential stuffing is carried out with a list of candidate credentials, trying them one by one. Attackers generally obtain such lists of usernames and passwords from past breaches.
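As an added illustration (not code from the article or from The North Face), the check below flags the pattern a defender looks for in login logs: one source trying many distinct usernames with a low success rate, and the accounts that did succeed from that source, which are the first to reset. The log format and IP addresses are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample of login events: "<src_ip> <username> <result>".
# Made up for this example; not real North Face logs.
SAMPLE_LOG = """\
203.0.113.7 alice@example.com FAIL
203.0.113.7 bob@example.com FAIL
203.0.113.7 carol@example.com FAIL
203.0.113.7 dave@example.com OK
203.0.113.7 erin@example.com FAIL
203.0.113.7 frank@example.com FAIL
198.51.100.2 alice@example.com FAIL
198.51.100.2 alice@example.com OK
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(OK|FAIL)$")


def parse(log):
    """Turn the text log into (src_ip, username, succeeded) tuples; skips malformed lines."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((m.group(1), m.group(2), m.group(3) == "OK"))
    return events


def stuffing_sources(events, min_accounts=5, max_success_rate=0.5):
    """Return {src_ip: [accounts that logged in OK]} for sources that tried at
    least min_accounts *distinct* usernames with mostly failures. A single user
    mistyping their own password (one username, several failures) is not flagged."""
    per_ip = defaultdict(lambda: {"users": set(), "ok": 0, "total": 0})
    for ip, user, ok in events:
        stats = per_ip[ip]
        stats["users"].add(user)
        stats["total"] += 1
        stats["ok"] += int(ok)
    flagged = {}
    for ip, stats in per_ip.items():
        if len(stats["users"]) >= min_accounts and stats["ok"] / stats["total"] <= max_success_rate:
            # successful logins from a stuffing source are the likely compromised accounts
            flagged[ip] = sorted(u for i, u, ok in events if i == ip and ok)
    return flagged
```

The thresholds are assumptions to tune per site; the 198.51.100.2 source is deliberately left unflagged because it is one user retrying their own account.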

Here, according to the disclosure, the attacker could access PII such as customers' names, telephone numbers, birthdays, email preferences, billing and shipping addresses, and purchased or favorited products.

Further, the company assured that no sensitive data such as payment card details were accessed, because it does not store them on the website.

Instead, it created tokens that can be used to initiate a purchase on the site. While the company initially did not mention that attackers had abused this method too, in its full disclosure The North Face said some "unauthorized purchases" were made on thenorthface.com. The company has given full refunds to the affected users.

Finally, as a security measure, the company reset the passwords of all accounts from the attack time period and informed those users by email. It also deleted the stored payment tokens and asked users to set new passwords that are strong and not used elsewhere.
