The North Face Breach – When Previous Attacks Come Back to Haunt Us

2022 has had its fair share of data breaches, resulting in the exposure of millions of people all around the world. Future attacks are inevitable, but when old ones create new breaches, things get out of hand. It’s called a “credential stuffing attack,” and it’s exactly what happened to outdoor apparel brand – The North Face.

Thanks to data stolen from old cyber attacks, threat actors were able to breach the thenorthface.com website and hack over 194,905 accounts.

The breach is huge, and it sets an opening for other attackers to commit further malicious activities. Now, what kind of data were the attackers able to harvest? How big is the breach? Find out below.

North Face Breached – A Sophisticated Credential Stuffing Attack

Data breaches occur out of nowhere, and when a company is not well prepared, the threat actors can do a lot of damage on the spot.

Once the victim discloses the breach, they take proper precautions to avoid any future ones. However, what’s done is done, and the impact is still there. Cybercriminals can use the data again and again in their malicious activities.

For example, a simple vulnerability put every single tech company on edge a while ago. While these companies enhanced their security measurements, the Log4Shell vulnerability is still being exploited up till now.

Now, threat actors are using the credential stuffing technique, where they utilize email addresses, usernames, and password combinations from previously executed attacks.

North Face ended up being the new target of such a technique, resulting in the hacking of more than 194,905 accounts. The attackers were able to harvest the following:

• Full name.
• Purchase history.
• Billing address.
• Shipping address.
• Telephone number.
• Account creation date.
• Gender.
• XPLR Pass reward records.

The company acknowledged the attack and issued a notice to everyone who had any information on their website. In the statement, they mentioned when and how the attack was executed:

“On August 11, 2022, we detected unusual activity on our website, thenorthface.com. Following a careful investigation, we concluded that attackers launched a credential stuffing attack against our website, thenorthface.com, between July 26 and August 19, 2022.”

Now the real question is: Aside from the aforementioned data, did the cybercriminals get their hands on any payment information? The answer is no. North Face explained that in this statement:

“We do not keep a copy of payment card details on thenorthface.com. We only retain a “token” linked to your payment card, and only our third-party payment card processor keeps payment card details. The token cannot be used to initiate a purchase anywhere other than on thenorthface.com.”

The company has directly reset all user passwords and wiped all the payment card tokens on accounts accessed by unauthorized intruders.

As a result, the impacted customers will now have to submit a new password and re-enter their payment card details to make a purchase.

A New Breach – Normal Cyberattacks Are So Last Season

Such breaches will occur in the future, and users should always take proper precautions to fend them off. If any of you is using the same passwords on other online platforms, we highly recommend you change them immediately.

Not to mention that stolen data may lead to phishing attacks. That’s where you should be extra careful. Always be vigilant when you’re submitting your information. Don’t take your data for granted. If anyone manages to access it, they can do a lot of damage, especially to your privacy.