The North Face, an American outdoor recreation product company, disclosed a data breach last month. The company said attackers had used credential stuffing to access some of its customers' accounts on thenorthface.com.
In response, it reset the passwords of all affected accounts and notified the customers concerned. It also assured them that no payment card data had been accessed.
Do Not Reuse the Same Credentials Across Online Accounts
Using the same login credentials (username and password) across all online accounts is bad practice: an attacker who learns that pair once can break into every account that shares it. This is what happened at The North Face, where an attacker holding credentials leaked elsewhere was able to log in to customer accounts and view the personally identifiable information (PII) of some customers.
According to the breach notification The North Face sent to its users, its website was attacked last month by someone who used credential stuffing to gain access to customer accounts.
Credential stuffing works by taking a list of username and password pairs and trying each pair against the target's login form. The lists come from past breaches of other sites, so the attack only succeeds against users who reused the same credentials at The North Face. Unlike a brute-force attack on one account, each account typically sees only one or a few attempts, which is why the pattern is visible in aggregate across accounts rather than in any single account's history.
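The aggregate pattern described above (one source trying many different usernames, most of them failing) is what a defender looks for. The following is an added example, not code from The North Face or from the original article: a small Python detector run over a few constructed login log lines. The log format, the IP addresses and the usernames are all invented for illustration; the thresholds (five distinct accounts within five minutes, at most half the attempts succeeding) are assumptions to tune for a real site. It returns, per suspicious source IP, the accounts that were successfully logged into, which is exactly the set a site would need to reset.

```python
"""Detect credential-stuffing patterns in web login logs (constructed example)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <source IP> <username> <OK|FAIL>".
# 203.0.113.5 sprays ten different accounts in a few seconds and lands two;
# 198.51.100.7 is one user mistyping their own password before succeeding.
SAMPLE_LOG = """\
2020-10-09T08:00:01Z 203.0.113.5 alice@example.com FAIL
2020-10-09T08:00:02Z 203.0.113.5 bob@example.com FAIL
2020-10-09T08:00:02Z 203.0.113.5 carol@example.com FAIL
2020-10-09T08:00:03Z 203.0.113.5 dave@example.com OK
2020-10-09T08:00:04Z 203.0.113.5 erin@example.com FAIL
2020-10-09T08:00:05Z 203.0.113.5 frank@example.com FAIL
2020-10-09T08:00:06Z 203.0.113.5 grace@example.com OK
2020-10-09T08:00:07Z 203.0.113.5 heidi@example.com FAIL
2020-10-09T08:00:07Z 203.0.113.5 ivan@example.com FAIL
2020-10-09T08:00:08Z 203.0.113.5 judy@example.com FAIL
2020-10-09T08:10:00Z 198.51.100.7 alice@example.com FAIL
2020-10-09T08:10:20Z 198.51.100.7 alice@example.com FAIL
2020-10-09T08:10:45Z 198.51.100.7 alice@example.com OK
"""


@dataclass
class LoginEvent:
    ts: datetime
    ip: str
    user: str
    ok: bool


def parse_log(text):
    """Parse the constructed whitespace-separated log format into events."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append(LoginEvent(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                                 ip, user, result == "OK"))
    return events


def detect_stuffing(events, window=timedelta(minutes=5), min_users=5,
                    max_success_ratio=0.5):
    """Return {ip: sorted usernames that logged in OK} for suspicious IPs.

    An IP is flagged when, inside any sliding window of `window` length, it
    attempts at least `min_users` distinct accounts and at most
    `max_success_ratio` of those attempts succeed. A leaked list mostly misses
    (most users did not reuse their password here), so a low success ratio
    across many accounts is the signature; a single user retrying their own
    password never reaches `min_users` distinct accounts and is not flagged.
    """
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_ip[e.ip].append(e)

    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it fits within `window`.
            while evs[end].ts - evs[start].ts > window:
                start += 1
            win = evs[start:end + 1]
            users = {e.user for e in win}
            successes = [e for e in win if e.ok]
            if len(users) >= min_users and len(successes) / len(win) <= max_success_ratio:
                # Successful logins from a stuffing source are the accounts
                # whose owners reused a leaked password: reset these first.
                flagged.setdefault(ip, set()).update(e.user for e in successes)
    return {ip: sorted(u) for ip, u in flagged.items()}


if __name__ == "__main__":
    for ip, users in detect_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: likely credential stuffing; reset {', '.join(users)}")
```

On the constructed sample, 203.0.113.5 is flagged and the two accounts it logged into (dave and grace) are reported for a forced password reset, while 198.51.100.7 is left alone because it only ever touched one account. In production the same logic would run over the real authentication log and should be complemented by rate limiting and by checking new passwords against known-breached lists, since a reset alone does not stop a user from choosing another reused password.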
According to the disclosure, the attacker could access PII such as customers' names, telephone numbers, birthdays, email preferences, billing and shipping addresses, and purchased or favorited products.
The company also assured users that no sensitive payment card data was accessed, because it does not store card numbers on its website.
Instead, the site holds payment tokens that can be used to initiate a purchase. The initial notice did not say whether attackers had abused these tokens, but in its full disclosure The North Face said some "unauthorized purchases" were made on thenorthface.com. The company has given full refunds to the affected users.
Finally, as a precaution, the company reset the passwords of all accounts accessed during the attack window and informed those customers by email. It also deleted the stored payment tokens and asked users to set new passwords that are strong and not used elsewhere.