Security News > 2020 > November > The North Face resets passwords after credential stuffing attack
Outdoor retail giant The North Face has reset the passwords of an undisclosed number of customers following a successful credential stuffing attack that took place last month, on October 9th. Credential stuffing is a type of attack where threat actors make use of large collections of username/password combinations that were leaked in previous security breaches to gain access to user accounts on other online platforms.
Immediately after detecting the attack after noticing suspicious activity involving the thenorthface.com website, the company implemented security measures to limit the account login rate from suspicious sources or showing a suspicious pattern.
"As a further precaution, we disabled all passwords from accounts that were accessed during the timeframe of the attack," customers were also told.
The North Face also deleted all tokens associated with customer payment cards for all thenorthface.com accounts.
"Please change your password at thenorthface.com and at all other sites where you use the same password," The North Face says in the breach notification later.