IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

The North Face hit by credential stuffing attack

Following the incident, hackers gained fraudulent access to 194,905 customer accounts

The North Face has confirmed it was hit by a credential stuffing attack that exposed the personally identifiable information of its customers.

A preliminary examination of the cyber security incident indicated the American clothing firm’s website was compromised as early as July 26. However, North Face only learned of the attack on 11 August.

Although the attack was contained by August 19, North Face noted that the perpetrators gained access to nearly 200,000 customer accounts using valid credentials. 

The attacker’s modus operandi, credential stuffing, allowed the automated entry and use of stolen usernames and passwords on the company's website.

Customer name, purchase history, billing address, shipping address, telephone number, account creation date, gender, and XPLR Pass reward records were exposed in this attack. The North Face does not store sensitive financial information, so cyber criminals are unlikely to have gained access to customers’ payment details, including credit card numbers.

VF Corporation, the brand's parent company, is notifying customers of the data breach in response to the incident. A precautionary reset of all user passwords has been carried out. The firm also erased payment card tokens from accounts that were accessed during the attack timeframe.

"We do not keep a copy of payment card details on We only retain a "token" linked to your payment card, and only our third-party payment card processor keeps payment card details," explained North Face in a statement.

Related Resource

Cyber resiliency and end-user performance

Reduce risk and deliver greater business success with cyber-resilience capabilities

Whitepaper cover with title and text, and image of pyramid cyber-resilience modelFree Download

"The token cannot be used to initiate a purchase anywhere other than on"

The recent attack is reportedly The North Face’s second credential stuffing security incident.

Back in 2020, The North Face reset passwords of an undisclosed number of customer accounts after detecting a credential stuffing attack on its website. 

“We strongly encourage you not to use the same password for your account at that you use on other websites. If a breach occurs on one of those other websites, an attacker could use your email address and password to access your account at,” added the company. 

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download

Most Popular

The top 12 password-cracking techniques used by hackers

The top 12 password-cracking techniques used by hackers

14 Nov 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
Interpol arrests nearly 1,000 cyber criminals in months-long anti-fraud operation
cyber crime

Interpol arrests nearly 1,000 cyber criminals in months-long anti-fraud operation

25 Nov 2022