Outdoor clothing giant The North Face has notified customers that their accounts may have been compromised, after noticing unusual activity on its website last month.
It detected the credential stuffing attack on August 11, although the campaign lasted from July 26 to August 19, according to a data breach notification notice seen by Infosecurity.
What does credential stuffing do?
Credential stuffing exploits consumers who reuse passwords.
Once a password/username combination has been breached, hackers will run it through automated software that tries it against numerous other websites and apps, to see which accounts it might unlock.
Their goal is typically to harvest any personal information stored in these accounts, to resell access on the dark web and/or to use stored card details to make fraudulent purchases.
Even so, North Face explained that it tokenized payment card data so that threat actors could not access this data.
“The attacker could not view a full payment card number, expiration date, or a CVV. We do not maintain a copy of payment card information on thenorthface.com,” it noted.
The retailer did warn some customers that attackers may have been able to hijack their accounts with previously breached credentials. If so, they may have been able to access information including purchase history, billing and shipping address, preferences, email address, first and last name, date of birth, telephone number, unique North Face ID number, gender and XPLR Pass reward records.
If the same password is used on other sites/apps they should change these to unique, strong credentials, it added.
Credential stuffing attacks are particularly prolific across retail and financial services sites.
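On the defending side, the pattern described above (automated software trying many breached username/password pairs, with only a few unlocking an account) is visible in login logs. The following is an added example, not code from The North Face or the original article: the log format, the sample lines and the thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample login log: timestamp, source IP, username, result.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 203.0.113.7 alice@example.com FAIL
2024-01-01T10:00:02Z 203.0.113.7 bob@example.com FAIL
2024-01-01T10:00:03Z 203.0.113.7 carol@example.com OK
2024-01-01T10:00:04Z 203.0.113.7 dave@example.com FAIL
2024-01-01T10:00:05Z 203.0.113.7 erin@example.com FAIL
2024-01-01T10:00:06Z 203.0.113.7 frank@example.com FAIL
2024-01-01T10:05:10Z 198.51.100.20 grace@example.com FAIL
2024-01-01T10:05:25Z 198.51.100.20 grace@example.com FAIL
2024-01-01T10:05:40Z 198.51.100.20 grace@example.com OK
2024-01-01T10:07:00Z 192.0.2.44 heidi@example.com OK
2024-01-01T10:09:00Z 192.0.2.44 ivan@example.com OK
"""

def parse(log_text):
    """Yield (ip, username, success) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] in ("OK", "FAIL"):
            yield parts[1], parts[2].lower(), parts[3] == "OK"

def find_stuffing_sources(events, min_accounts=5, max_success_ratio=0.2):
    """Flag IPs that try many distinct accounts and unlock only a few.

    Returns {ip: sorted accounts that IP logged in to successfully}; those
    accounts are the ones to force-reset and notify. Thresholds are assumed
    starting points, not values from the article.
    """
    tried = defaultdict(set)     # ip -> distinct usernames attempted
    unlocked = defaultdict(set)  # ip -> usernames with a successful login
    for ip, user, ok in events:
        tried[ip].add(user)
        if ok:
            unlocked[ip].add(user)
    flagged = {}
    for ip, users in tried.items():
        success_ratio = len(unlocked[ip]) / len(users)
        if len(users) >= min_accounts and success_ratio <= max_success_ratio:
            flagged[ip] = sorted(unlocked[ip])
    return flagged

if __name__ == "__main__":
    for ip, accounts in find_stuffing_sources(parse(SAMPLE_LOG)).items():
        print(f"{ip}: likely credential stuffing; reset {accounts}")
```

A customer who mistypes a password a few times (one account, one IP) is not flagged, because the rule keys on the number of distinct accounts tried rather than on raw failure counts.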