The North Face - Attaque credential stuffing

200,000 accounts hacked on the website!

Clothing and gear brand The North Face was the target of a credential stuffing cyberattack that allowed hackers to gain access to 194,905 user accounts on site. What happened?

As a reminder, an attack of the type credential stuffing consists of attempting to connect to a platform by reusing identifiers (combination of usernames and passwords) obtained from various data leaks. Suddenly, the success of such an attack depends on the users, because all the people who use the same pair “username + password” on several sites, are likely to be affected. This also depends on the frequency of renewal of passwords.

This attack on The North Face website began on July 26, 2022… And it ended on August 19, 2022, following actions taken by the administrators who detected the attack only on August 11, 2022. Following the detection of this attack, The North Face carried out investigations and it turns out that the hackers were able to access almost 200,000 user accounts.

By accessing an account, several information becomes available:

  • Surname, first name and gender
  • Delivery and billing address
  • Order history
  • Phone number
  • Account creation date
  • Token linked to the payment card

The good news is that the bank details are not stored directly on the website, so the hackers could not access this sensitive information. On this subject, The North Face states: “We do not retain copies of payment card data on We only store a “token” linked to your payment card, and only our third-party payment card processor stores payment card details.“. This famous token cannot be used elsewhere than on the site.

As a precautionary measure, all user passwords have been reset and all tokens associated with payment cards have been cleared. This means that customers are going to have to create a new password and re-enter payment information on the next order. In any case, it is better to avoid saving your payment data on e-commerce sites.

This is not the first time that The North Face has been the victim of a type attack credential stuffing : this is the second, and the first was in November 2020.



#accounts #hacked #website

Leave a Comment

Your email address will not be published. Required fields are marked *