BleepingComputer reports that leading U.S. outdoor apparel and equipment brand The North Face has confirmed that its customers' data had been pilfered following a credential stuffing intrusion against its website in April.
Threat actors who led a "small scale credential stuffing attack" against 'thenorthface.com' on April 23 were able to exfiltrate individuals' full names, birthdates, phone numbers, email addresses, shipping addresses, and purchase histories, said The North Face in a notice sent to the Office of the Vermont Attorney General. No payment information was exposed as a result of the incident. Such a disclosure comes after three other credential stuffing attacks against the brand's website since 2020. Most recent of the said incidents was an intrusion against both 'thenorthface.com' and 'timberland.com', both under VF Corporation, that impacted 15,700 accounts. VF Corporation has also reported having information from over 35 million customers compromised following a ransomware attack in December 2023.
An In-Depth Guide to Identity
Get essential knowledge and practical strategies to fortify your identity security.
Meta has revealed plans to roll out passkeys for Facebook on Android and iOS soon, as well as for Messenger in the coming months, in a bid to bolster user account security, The Hacker News reports.
