Password Attack — The North Face Confirms Data Breach

When it comes to outdoor apparel, fashion brands don’t come much bigger than The North Face. When it comes to data-stealing attacks, hackers don’t get it much easier than using credential-stuffing tactics. The North Face has now confirmed that just such an easy path has been taken by password attackers who managed to steal names, addresses, purchase histories and telephone numbers from affected customers. Here’s what you need to know.

ForbesGoogle Issues Critical New Threat Advisory — Take Action Now

Armed With Customer Passwords, Hackers Attacked The North Face

The North Face is a major player in the fashion industry, boasting an annual revenue of over $3 billion. It should come as no surprise, then, that it is on the radar of cybercriminals. The American retailer, part of the VF Corporation group, which also owns brands such as Dickies, Timberland, and Vans, has confirmed that it suffered a data breach on April 23.

As data breach notifications begin to arrive for affected customers, it becomes possible to reveal what has happened. Confirming that unusual activity was detected on The North Face website, VF Outdoor, LLC, said that “an attacker had launched a small-scale credential stuffing attack” on April 23.

A credential-stuffing attack is when a hacker has access to usernames and passwords from previous breaches, and there are billions of these available online, against other accounts. If your login details are shared across more than one site or service, you are at risk of such an attack. When one account is breached, all others using the same credentials can be compromised by a determined attacker.

ForbesDo Not Ignore This New PIN And Password Hacking List

“Hackers can get started with credential stuffing attacks by investing as little as $500 in credential stuffing software, access to email and password combo lists, and the use of both public and private proxy services for obfuscation,” Benjamin Fabre, CEO of DataDome, said.

The North Face disclosure stated that it quickly disabled passwords to halt the attack, and all users will need to create a new and unique password on the website if they have not already done so. “We strongly encourage you not to use the same password for your account at our website that you use on other websites,” The North Face said.

Information that was compromised included: name, purchase history, shipping address, email address, date of birth and telephone number. However, payment information has not been compromised as a third-party provider handles all site payments.

I have reached out to VF Corporation for a statement regarding the password attack impacting customers of The North Face.

ForbesWindows Email, Passwords, 2FA Codes At Risk — Do Not Wait, Act Now

You May Also Like

How People Use AI Chatbots for Quick Mental Health Advice, New Study Shows

A useful typology outlines the core categories of therapy “micro-bursts” now emerging…

Are David Hockney Prints a Good Investment? What Collectors Should Know Before Buying

David Hockney, widely regarded as one of the most influential artists of…

Non-Coders Are Earning Six Figures in the $4.7 Billion Vibe Coding Boom

Opinions expressed by Entrepreneur contributors are their own. Four practical moves that…

A Proven 10-Step SEO System to Boost Rankings and Drive More Traffic

The views expressed by Entrepreneur contributors are their own. Key Takeaways When…

NYT Connections July 12: Today’s Hints, Categories, and Answers for Sunday

Today’s Connections Credit: NYT / Erik Kain Welcome back, Connections fans. If…

How Many Stocks Do You Need for a Diversified Portfolio?

How many individual shares should an investor own? When we asked three…