The popular athletic apparel company The North Face has had to reset an undisclosed number of customer accounts after detecting a credential-stuffing attack on its website.

 

In its recent data-breach notification, The North Face told customers that it was alerted to unusual activity involving its website, thenorthface.com, on October ninth. There, customers can buy clothing and gear online, create accounts and gain loyalty points as part of its “VIPeak Rewards Program.” After further investigation, The North Face concluded that attackers had launched a credential-stuffing attack against its website from October eighth to October ninth.

“Credential stuffing is accomplished by hackers who take advantage of people who reuse the same passwords across multiple online accounts. Credential-stuffing attackers typically use IDs and passwords stolen from another source, such as a breach of another company or website, which they then try to use to log in to other accounts — thus gaining unauthorized access. The process is often automated, and cybercriminals have successfully leveraged the approach to steal data from various popular companies.”

In addition to customer email addresses and passwords, the attackers may have accessed information stored in customers' accounts, such as recent purchases, saved favorites, billing addresses, shipping addresses, loyalty point totals, email preferences, first and last names, birthdays and telephone numbers. Luckily, The North Face does not keep a copy of payment information on thenorthface.com, meaning no credit/debit information was leaked.

“As a further precaution, we disabled all passwords from accounts that were accessed during the timeframe of the attack,” according to the company. “We also erased all payment-card tokens from all accounts on thenorthface.com. As such, you will need to create a new (unique) password and enter your payment-card information again the next time you shop on thenorthface.com.”
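As an added example (not code from The North Face or the original post), the sketch below shows how a defender might spot the pattern described above in login logs and list the accounts whose passwords should be disabled. The log format, sample lines and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample auth log: timestamp, source IP, account, outcome.
SAMPLE_LOG = """\
2020-10-08T23:14:02Z 203.0.113.7 ana@example.com FAIL
2020-10-08T23:14:03Z 203.0.113.7 bob@example.com FAIL
2020-10-08T23:14:03Z 203.0.113.7 cy@example.com OK
2020-10-08T23:14:04Z 203.0.113.7 dee@example.com FAIL
2020-10-08T23:14:05Z 203.0.113.7 eli@example.com FAIL
2020-10-08T23:14:06Z 203.0.113.7 fay@example.com OK
2020-10-08T23:20:41Z 198.51.100.20 gus@example.com FAIL
2020-10-08T23:20:55Z 198.51.100.20 gus@example.com OK
2020-10-09T08:02:10Z 192.0.2.44 hal@example.com OK
"""

def parse(log_text):
    """Yield (source_ip, account, succeeded) per well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue  # skip malformed lines rather than guess
        yield parts[1], parts[2].lower(), parts[3] == "OK"

def stuffing_sources(log_text, min_accounts=5, min_fail_ratio=0.5):
    """Sources that tried many distinct accounts and mostly failed."""
    tried = defaultdict(set)
    attempts = defaultdict(int)
    failures = defaultdict(int)
    for ip, account, ok in parse(log_text):
        tried[ip].add(account)
        attempts[ip] += 1
        failures[ip] += not ok
    # Thresholds are assumed starting points; tune them to real traffic.
    return {ip for ip in tried
            if len(tried[ip]) >= min_accounts
            and failures[ip] / attempts[ip] >= min_fail_ratio}

def accounts_to_reset(log_text, **thresholds):
    """Accounts a flagged source logged in to successfully."""
    flagged = stuffing_sources(log_text, **thresholds)
    return sorted({account for ip, account, ok in parse(log_text)
                   if ok and ip in flagged})

if __name__ == "__main__":
    print("flagged sources:", stuffing_sources(SAMPLE_LOG))
    print("reset passwords for:", accounts_to_reset(SAMPLE_LOG))
```

A single user mistyping a password (one account, one source) stays below the distinct-account threshold, so only the source that cycles through many accounts is flagged.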

Sources

https://threatpost.com/credential-stuffing-attack-north-face/161190/

 

Posted on Nov 19, 2020 10:36:00 AM by Chad Oertel

Chad Oertel is a Student Ambassador at University of Advancing Technology and is studying Advancing Computer Science and Network Security at UAT.

   
