The North Face E-Commerce Website Pwned By Hackers

Forbes is reporting that outdoor clothing manufacturer The North Face has had its e-commerce website pwned by hackers:

Customers of The North Face are receiving pre-Black Friday emails that they weren’t expecting. The outdoor gear giant was forced to reset passwords after detecting a sudden surge in malicious login attempts.

According to the breach notification filed with the California Office of the Attorney General, The North Face detected suspicious activity on October 9th and began investigating immediately.

While some customer accounts were accessed, it doesn’t appear that sensitive data was compromised. The North Face does not store payment card data for its customers’ accounts — only a token that is used by the company’s payment processing partner to authorize purchases.

That doesn’t sound too bad. But it is really, really bad. Here’s why, via David Masson, Director of Enterprise Security for Darktrace:

Login credentials are the crown jewels of cyber-attacks today – once attackers have these, the opportunities for further compromise and exploitation are endless. That’s why cyber-criminals go for online retail – it’s lucrative and full of potential. Attackers will often craft fake websites of trusted brands to harvest consumers’ credentials, or launch campaigns against retailers at nights or on weekends when response times from security teams are slowest.

In recent months we’ve seen greater collaboration between the top tier hacking groups such as Maze and Sodinokibi – they’re renting out their services to less skilled groups in the underground marketplace of cyber-crime services, which increasingly means that anyone with the capital and will to do so can take on a big name like North Face.

As we approach the holiday period against the backdrop of a global pandemic, we can only expect more of these attacks. Much like when physical stores were forced to shut up shop in the advent of lockdown measures, the retail sector must innovate its way out of this problem. Having accepted this reality, many retailers such as eBay, Brooks Brothers and Jimmy Choo are taking a radically different approach with artificial intelligence – spotting and stopping attacks at machine speed, before they escalate.

If you got one of these emails from The North Face, I would change your password to something unique right now. And if you used the same password anywhere else, I’d change it on those sites as well.
