reports that outdoor clothing company The North Face had nearly 200,000 accounts on its website compromised as a result of an extensive credential stuffing attack
that commenced in July.
Threat actors were able to conduct the attack on The North Face website beginning on July 26. Malicious activity was then identified on Aug. 11 before being stopped eight days later. Attackers were able to leverage valid credentials to hack 194,905 accounts and potentially access names, billing and shipping addresses, gender information, telephone numbers, purchase history, account creation dates, and XPLR Pass reward records, according to The North Face, which emphasized that credit card information has not been impacted by the incident.
"We do not keep a copy of payment card details on thenorthface.com. We only retain a 'token' linked to your payment card, and only our third-party payment card processor keeps payment card details. The token cannot be used to initiate a purchase anywhere other than on thenorthface.com," said the company.