Credential-Stuffing Attack Hits The North Face

From threatpost.com

the north face credential stuffing attack

The North Face has reset an undisclosed number of customer accounts after detecting a credential-stuffing attack on its website.

The North Face has reset its customers’ passwords after attackers launched a credential-stuffing attack against the popular outdoor outfitter’s website.

In a recent data-breach notification, the company told customers that it was alerted to “unusual activity involving its website,” thenorthface.com, on Oct. 9. There, customers can buy clothing and gear online, create accounts and gain loyalty points as part of its “VIPeak Rewards Program.” After further investigation, The North Face concluded that attackers had launched a credential-stuffing attack against its website from Oct. 8 to Oct. 9.

Read more…