A recent security alert has been issued by a major outdoor gear and apparel retailer regarding a security incident affecting customer accounts. The company has informed customers about a credential stuffing attack that targeted their website back in April.
During this attack, malicious actors attempted to log into customer accounts using email addresses and passwords that were likely compromised in breaches of other, unrelated online services. This method exploits the common practice of users reusing the same credentials across multiple websites.
The retailer became aware of the attack later and initiated an investigation. It was determined that in certain cases, the attackers were successful in gaining unauthorized access to customer accounts. While the extent of access varies, the information potentially viewed or accessed includes profile details such as name, email address, phone number, shipping address, order history, and potentially saved payment information tokens, though not full payment card numbers.
As a crucial security measure, the company has implemented a mandatory password reset for accounts they believe were potentially impacted by the unauthorized access attempts. They are also strongly advising all customers to adopt better online security habits, emphasizing the importance of creating unique, complex passwords for each online account and utilizing multi-factor authentication (MFA) whenever available to enhance protection against future attacks of this nature. This incident serves as a reminder of the persistent threat of credential stuffing and the need for robust personal online security practices.
Source: https://www.bleepingcomputer.com/news/security/the-north-face-warns-customers-of-april-credential-stuffing-attack/
