The North Face hit by credential stuffing attack
Briefly

The North Face reported a small-scale credential stuffing attack on customer accounts, revealing that login information was compromised from other breaches. Unusual activity was detected on April 23, and the company alerted the Vermont Attorney General's Office. Though account information accessed may include personal details, no payment card data was exposed as it is handled by a third-party processor. The North Face emphasized this incident was not related to its own security and proactively notified customers to ensure transparency and consumer trust.
Reiterating that the login data originated from a breach unrelated to its own systems, the biz said the accessed account information may have included full names, order histories, shipping addresses, preferences, and, if saved by the user, dates of birth and telephone numbers.
The North Face said attackers used these stolen credentials to access some customer accounts.
The token cannot be used to initiate a purchase anywhere other than on our website.
However, we are notifying you of the incident voluntarily, out of an abundance of caution.
Read at Theregister
[
|
]