Major retailers like Adidas and The North Face have faced identity-driven breaches, primarily due to unmonitored access and weak identity hygiene. Adidas's breach occurred through a trusted third-party vendor, exposing customer data without any malware involved. The North Face suffered a credential stuffing attack, allowing attackers to exploit reused credentials and access personal data. These incidents highlight vulnerabilities in supply chain integrations, where attackers can leverage persistent, unrevoked access tokens to bypass traditional security measures. They underscore the need for stronger identity management and access controls.
Adidas confirmed a data breach caused by an attack on a third-party customer service provider. The company said customer data was exposed, including names, email addresses, and order details.
The North Face confirmed a credential stuffing attack where threat actors used leaked credentials to access customer accounts, exfiltrating personal data and exposing a gap in identity controls.