Exploit: Credential Stuffing
The North Face: Outdoor Apparel Retailer
Risk to Small Business: 2.322 = Severe
Hackers mounted a successful attack against outdoor retailer The North Face, capturing an unknown amount of client data in the process. While retail operations were not disrupted, the company has released a caution to customers about the incident.
Individual Risk: 2.711 = Moderate
The company noted that the breach includes “products you have purchased on our website, products you have saved to your ‘favorites,’ your billing address, your shipping address(es), your VIPeak customer loyalty point total, your email preferences, your first and last name, your birthday (if you saved it to your account), and your telephone number (if you saved it to your account)”. Payment information was stored separately and more securely and not impacted in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Credential stuffing attacks have gained new fuel from a bountiful harvest of Dark Web data dumps adding fresh ammo for cybercrime.
Source:
https://chainstoreage.com/report-hackers-may-have-obtained-north-face-customer-data