The North Face has reset all of their users passwords from their website after an attacker lunched a credential staffing attack. On Oct 9th the company has notified their customers regarding the unusual activity on their website.
Credential attack is accomplished by using a credential that were being compromised in the other data breaches and using those credentials to log in to other websites. Accordingly to the article, attacker were able to access to information saved within the account which of the account they were able to access it. The information they could have access is the billing address, shipping address, first and last name, email address, birthday, and phone number. Company does not hold any of the payment information on the portal which the customer has access to which means the attacker was not able to access the payment information such as debit/credit card number, CVV, or the expiration date.
References:
O’Donnell, L. 2020. Credential-Stuffing Attack Hits The North Face. Retrieved from: https://threatpost.com/credential-stuffing-attack-north-face/161190/
Leave a Reply
You must be logged in to post a comment.