article featured image


The North Face, an outdoor clothing brand, was the victim of a large-scale credential stuffing attack. The malicious actors managed to steal the data of 194,905 accounts on the thenorthface.com website.

The attack began on July 26, 2022, but was detected only on August 11, 2022, with the administrators of the website being able to stop it a few days later, on August 19, 2022.

What Is a Credential Stuffing Attack

In a credential stuffing attack, the cybercriminal uses the data obtained from previous breaches – like email addresses, usernames, and passwords – to try to log into the user accounts on another website.

This strategy works because of the practice of password recycling, where one user sets the same credentials for multiple accounts, on multiple platforms.

No Financial Information Was Stolen

Fortunately, the hackers were not able to obtain sensitive financial information, as the payment details are not saved on the website.

“We do not keep a copy of payment card details on thenorthface.com. We only retain a “token” linked to your payment card, and only our third-party payment card processor keeps payment card details. The token cannot be used to initiate a purchase anywhere other than on thenorthface.com.”, the company explained in a notification sent to its customers.

The North Face investigation over the breach shows that the most probably stolen data is:

  • full name
  • purchase history
  • billing address
  • shipping address
  • telephone number
  • account creation date
  • gender
  • XPLR Pass reward records

Measures Are Taken

VF Corporation (formerly Vanity Fair Mills), the company that owns The North Face brand, sent a notice about the breach to all affected customers explaining also the measures of security that are taken after the attack.

“Once we became aware of the attack, we quickly took steps to address the situation. These steps included disabling passwords and erasing payment card tokens from accounts that were accessed during the attack timeframe. As such, you will need to create a new (unique) password and enter your payment card information again the next time you shop on thenorthface.com. We are continuing to monitor our systems for suspicious activity.”, the notice shows.

This is the second time when The North Face is the victim of a credential stuffing attack, the first took place in November 2020. This brand is the only one from the VF Corporation portfolio – which also owns Vans, Timberland, Eastpak, Kipling, Dickies, and Napapijri – that is being targeted.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Author Profile

Andreea Chebac

Digital Content Creator

Andreea is a digital content creator within Heimdal® with a great belief in the educational power of content. A literature-born cybersecurity enthusiast (through all those SF novels…), she loves to bring her ONG, cultural, and media background to this job.

Leave a Reply

Your email address will not be published. Required fields are marked *