"The North Face Warns of Major Credential Stuffing Campaign"

Outdoor clothing giant The North Face has recently notified customers that their account may have been compromised after noticing unusual activity on its website last month.  The company detected the credential stuffing attack on August 11, although the campaign lasted from July 26 to August 19, according to a data breach notification notice.  Credential stuffing exploits consumers that reuse passwords.  Once a password/username combination has been breached, hackers will run it through automated software that tries it against numerous other websites and apps to see which accounts it might unlock.  The end goal is typically to harvest any personal information stored in these accounts, to resell access on the dark web and/or to use stored card details to make fraudulent purchases.  North Face noted that it tokenized payment card information so that threat actors could not access this data.  However, the retailer did warn some customers that attackers may have been able to hijack their accounts with previously breached credentials.  If so, they may have been able to access information including purchase history, billing and shipping address, preferences, email address, first and last name, date of birth, telephone number, unique North Face ID number, gender, and XPLR Pass reward records.  This would certainly be enough to attempt follow-on identity fraud or launch convincing phishing attacks.  On discovering the incident, the company said it disabled passwords and erased payment card tokens from affected accounts.  The company will require these users to enter a new password and re-enter payment details the next time they log in.

Infosecurity reports: "The North Face Warns of Major Credential Stuffing Campaign"