Credential-Stuffing Attack Hits The North Face

2020-11-13 16:07

The North Face has reset its customers' passwords after attackers launched a credential-stuffing attack against the popular outdoor outfitter's website.

There, customers can buy clothing and gear online, create accounts and gain loyalty points as part of its "VIPeak Rewards Program." After further investigation, The North Face concluded that attackers had launched a credential-stuffing attack against its website from Oct. 8 to Oct. 9.

The North Face did not disclose how many customers were impacted by the attack, but it could be considerable: According to SimilarWeb, the website received 6.96 million website visitors in October.

The North Face does not keep a copy of payment-card data on thenorthface.com - meaning attackers were not able to view payment-card numbers, expiration dates or CVVs. The North Face said that once it became aware of the incident, the company implemented measures that limit account logins from sources that are suspicious or in patterns that are suspicious.

The North Face encouraged customers to ensure that they use unique passwords and don't repeat their passwords in general.

News URL

https://threatpost.com/credential-stuffing-attack-north-face/161190/

#attack #credential

News URL

Related news