The North Face, an American outdoor recreation product company, had disclosed a data breach last month. The company said the attackers had used credential stuffing to access some of its customers’ accounts on thenorthface.com.

This led them to reset all such breached accounts and inform customers about it. It assured that no payment data was accessed.

Do Not Use Same Credentials Across All Online Accounts

Using the same login credentials (username and password) across all online accounts is surely a bad practice since any attacker knowing such credentials once can be able to breach all related accounts. An attacker has tried this method on The North Face’s website¬†and able to check-in PII of some customers.

The North Face Disclosed Data Breach, Resets Account Passwords
The North Face Disclosed Data Breach, Resets Account Passwords

As per the breach notification sent by The North Face to its users, the company’s online site was attacked by someone last month who used the credential stuffing attack to gain access to its customers’ accounts.

This could be done with a list of possible credentials and trying them one by one. Attackers, in this case, generally obtain the database of such passwords from past breaches.

Here, as per the disclosure, the attacker could access the PII like customers’ names, telephone numbers, birthdays, email preferences, billing, and shipping addresses, purchased, or favorited products.

Further, they assured that no sensitive data like the payment card were accessed. This is because the company hasn’t stored them on their website.

Instead, they created tokens that can be used for initiating a purchase at the site. While it initially didn’t mention that attackers have abused this method too, later in full disclosure, The North Face said some “unauthorized purchases” were made on thenorthface.com. The¬†company has given full refunds to those impacted users.

Finally, as a security practice, the company has reset passwords of all accounts in the attack time period and informed them through emails. Further, they deleted the payment tokens and asked users to set new passwords, which are strong and not used elsewhere.

VIABleepingComputer

LEAVE A REPLY

Please enter your comment!
Please enter your name here