Credential stuffing cyberattack aimed at The North Face

The North Face, an American sportswear retailer, has reported unauthorized access to its IT network.

The incident, which took place on 8th and 9th of October, consisted of a credential stuffing attack on their corporate website.

The data affected include: credentials from the website thenorthface.com, email address, purchased products, billing address, shipping address, VIPeak loyalty points, first name, surname, date of birth and telephone number. Payment card information was not affected.

After the attack, the company reacted with security measures such as limiting logins or disabling passwords for the affected accounts. In addition, payment card tokens were removed.

So far, there is no evidence of fraudulent use of the compromised information.