Almost 200,000 Accounts Compromised in The North Face Credential Stuffing Campaign

The outdoor clothing company The North Face has said that the online accounts of almost 200,000 customers have been compromised. Unusual activity was detected in certain customer accounts on August 11, 2022, and the investigation into a potential data breach confirmed that customer accounts had been compromised in a credential stuffing campaign between July 26, 2022, and August 19, 2022.

If the threat actor was able to access a customer’s account, it would not have been possible to obtain their payment card information, as The North Face does not store full payment card details on its website, only tokenized payment card information. The token is retained on the website, with the payment processor retaining the full card details. The token can only be used to initiate payment on thenorthface.com website and nowhere else. Customer accounts contain other information that could have been accessed and stolen, including first and last names, purchase histories, billing and shipping addresses, email addresses, dates of birth, gender, North Face ID numbers, and XPLR Pass reward points.

While the information contained in the accounts could not be used for identity theft, that information could be used in social engineering attacks on customers, such as phishing attacks. The personal information stolen from accounts could allow an attacker to craft a convincing phishing email spoofing The North Face or another company.

All accounts that were determined to have been compromised have had passwords disabled and the payment card tokens have been deleted. New passwords must be set when users access their accounts and payment card information will have to be entered again. Customers have also been advised to change the passwords on all other accounts where the password has been used.

There has been a flurry of announcements from companies over the past few weeks about credential stuffing attacks on customer accounts. Credential stuffing attacks are one of the main ways that cybercriminals take over accounts; however, these attacks only succeed because passwords are reused across multiple accounts. The North Face says 194,905 customer accounts were compromised in the attack, indicating the scale of password reuse.
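From the defender's side, the signature of such a campaign is one source trying many distinct accounts in a short window, mostly failing, with occasional successes where a reused password matched. The following Python script, an added example and not code from the article or from The North Face, flags that pattern in constructed login log lines and lists the accounts that should have their passwords disabled; the log format, thresholds and IP addresses are assumptions.

```python
"""Flag credential-stuffing-style login activity in constructed auth logs."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data): timestamp, source IP, account, result.
SAMPLE_LOG = """\
2022-07-26T03:00:01Z 203.0.113.5 alice@example.com FAIL
2022-07-26T03:00:02Z 203.0.113.5 bob@example.com FAIL
2022-07-26T03:00:02Z 203.0.113.5 carol@example.com SUCCESS
2022-07-26T03:00:03Z 203.0.113.5 dave@example.com FAIL
2022-07-26T03:00:04Z 203.0.113.5 erin@example.com FAIL
2022-07-26T03:00:05Z 203.0.113.5 frank@example.com SUCCESS
2022-07-26T03:10:00Z 198.51.100.7 alice@example.com FAIL
2022-07-26T03:10:30Z 198.51.100.7 alice@example.com SUCCESS
"""


def parse_log(text):
    """Parse the assumed whitespace-separated format into (time, ip, account, result)."""
    events = []
    for line in text.splitlines():
        ts, ip, account, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account, result))
    return events


def find_stuffing_sources(events, window=timedelta(minutes=10),
                          min_accounts=5, min_fail_ratio=0.5):
    """Return {ip: (distinct_accounts, failures, successes)} for source IPs that hit
    at least min_accounts distinct accounts inside `window` with a high failure rate.
    Thresholds are assumptions; tune them to the site's normal traffic."""
    by_ip = defaultdict(list)
    for ev in sorted(events):          # oldest first, so the window can slide
        by_ip[ev[1]].append(ev)
    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1             # drop events older than the window
            win = evs[start:end + 1]
            accounts = {e[2] for e in win}
            fails = sum(1 for e in win if e[3] == "FAIL")
            if len(accounts) >= min_accounts and fails / len(win) >= min_fail_ratio:
                flagged[ip] = (len(accounts), fails, len(win) - fails)
    return flagged


def compromised_accounts(events, flagged):
    """Accounts that logged in successfully from a flagged source: the ones whose
    passwords should be disabled and stored payment tokens revoked."""
    return {acct for _, ip, acct, result in events if ip in flagged and result == "SUCCESS"}
```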

If a unique password is set for every account, these attacks would not succeed. The reason these attacks are so common is that consumers frequently set the same password for multiple accounts. While they may set a complex and unique password for each financial account, it is common for passwords to be reused on less sensitive accounts; however, even accounts for streaming services and retail accounts can be valuable to cybercriminals.

The solution is simple: create a unique password for every account. The problem, and the reason password reuse is so common, is that this is not practical, as it is not possible to remember dozens and dozens of unique passwords. However, there is an easy solution, and that is to use a password manager. Password managers will suggest strong passwords, store them securely in an encrypted password vault, and auto-fill them when needed. These solutions make password management simple and greatly improve security. Free versions are available with limited feature sets – Bitwarden and LastPass have good free versions – but paid versions are generally low cost. Bitwarden, for example, is just $10 per year for the full product.

While some web browsers will suggest and store passwords, this is a far less secure way of storing your passwords as browser-stored passwords are targeted by some malware. Password managers provide far greater security.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news