The North Face clothing brand, which specialises in outdoor and heavy weather outerwear, has experienced a “large-scale” credential stuffing attack. This has resulted in no fewer than 194,905 accounts being compromised. What is credential stuffing, and how did it affect The North Face customers?
What is credential stuffing?
Credential stuffing is an attack reliant on service users being a little lax with their password practices. If users of Site A reuse their password on sites B and C, this is a problem. Should Site A ever be compromised, those login details are exposed. They might end up on data dumps, or forums, or anywhere else you care to imagine. People with access to the credentials from Site A will then try them on sites B and C, often via automation. If the user has reused their password, the accounts on those additional sites will also be vulnerable.
Indeed, sometimes people will also reuse credentials from one site as their password for their email address too. This provides attackers with further inroads for all accounts tied to the address, and could end with a user losing access to many more of their online accounts.
Password reuse is tempting, because it's impossible to remember a different password for each online account. That's why people are encouraged to use tools like password managers, as they make it easy to generate and remember all your passwords. With this in place, victims are limited to “just” the fallout from the initial attack and can quickly take appropriate action.
Which details are at risk from attackers?
According to Bleeping Computer, the North Face attacks began on July 26, with site operators detecting unauthorised activity on August 11. The attacks were shut down completely by August 19. Some of the information potentially accessed includes:
- Billing address
- Purchase history
- Shipping address
- Telephone number
No payment details were accessed, which is very good news for anyone impacted by the stuffing attacks.
Please notice this breach
Data breach notices are being sent to anyone affected. Additionally, passwords have been reset and new login details will be required. Hopefully users will take note of the following suggestions:
Please change your password at thenorthface.com and other sites where you use the same password. We strongly encourage you not to use the same password for your account at thenorthface.com that you use on other websites. If a breach occurs on one of those other websites, an attacker could use your email address and password to access your account at thenorthface.com.
In addition, we recommend avoiding using easy-to-guess passwords. You should also be on alert for schemes known as “phishing” attacks, where malicious actors may pretend to represent The North Face or other organizations. You should not provide your personal information in response to any electronic communications regarding a cybersecurity incident. We have included below further information on steps you may consider taking to protect your credit.
It remains to be seen what the fallout from this one will be. With the type of data listed above, it's fair to say that phishing and social engineering will likely be close to the top of the follow-up threat pile. Stay safe out there!