Nearly 200,000 user accounts belonging to outdoor apparel company The North Face were compromised in a recent breach.
Officials said a large-scale credential stuffing attack on thenorthface.com affected 194,905 client accounts.
So The email addresses, passwords, and other account-related data were compromised. However, it appears that no financial information was taken.
Split in the North Face
Affected consumers are being contacted by the company at this time to alert them of the attack and request that they change their passwords immediately.
The North Face notified its customers on August 11, 2022, of “unusual behaviour” on their website. After analysis, hackers launched a credential stuffing attack between July 26 and August 19, 2022.
In credential stuffing attacks, hackers try to gain access to other accounts by using login information stolen in earlier data breaches or leaks, such as email addresses and passwords.
The North Face has stated that the hackers might have accessed the customers’ entire names, billing and shipping addresses, phone numbers, and even their genders.
The site never saved consumers’ credit card or debit card information, which is a relief.
thenorthface.com does not store credit card numbers, only a “token” associated with the number. So you can only use the token to begin a purchase on thenorthface.com.
All impacted accounts’ passwords have been changed, and users must choose new, secure passwords they won’t misuse.