Phishing simulation Awareness training Data breach detection Pricing About Blog Resources Contact
Get started Log in

Credential stuffing incident at The North Face

The North Face warns customers after a credential stuffing attack compromised accounts on its US website. Learn what was exposed and how to stay protected.

04-06-2025 - 4 minute read. Posted in: cybercrime.

Credential stuffing incident at The North Face

The North Face warns customers of compromised accounts in April credential stuffing attack

Outdoor apparel brand The North Face has issued a warning to customers following a credential stuffing attack that may have exposed personal data. The incident, which took place in April, highlights the ongoing threat of automated login attempts using stolen credentials. It also reinforces the importance of avoiding password reuse.

What happened?

In a notice submitted to the Office of the Maine Attorney General, The North Face reported detecting suspicious activity in early May. After conducting an internal investigation, the company confirmed that a credential stuffing attack had occurred between April 4 and April 11. During this time frame, threat actors successfully accessed customer accounts using previously leaked login credentials.

Credential stuffing involves the use of stolen usernames and passwords, often gathered from earlier data breaches. Cybercriminals automate these login attempts across multiple websites, taking advantage of the fact that many users reuse the same credentials across different platforms.

What information was exposed?

The North Face clarified that the attack did not stem from a breach of its own systems. Instead, attackers used login credentials that had already been leaked in unrelated data breaches. By successfully logging in to customer accounts on thenorthface.com, they may have accessed a range of personal information.

This could include full names, shipping addresses, order histories, and account preferences. In some cases, if users had saved them, dates of birth and phone numbers may also have been visible. The attackers already had access to email addresses and passwords before attempting to log in.

No payment card data was exposed. The North Face explained that it does not store full card numbers, CVV codes, or expiration dates on its website. Instead, payment information is processed through a third-party provider using secure tokens, which cannot be used elsewhere.

The company stated that the incident does not meet the legal threshold for a data breach notification. However, it decided to alert customers voluntarily, acting out of caution and a commitment to transparency.

How did The North Face respond?

Once the attack was identified, The North Face acted quickly. The company reset passwords for all affected accounts and removed all stored payment methods as a precaution. Impacted customers received direct notifications and were prompted to set up new passwords.

In addition, the company implemented enhanced security measures to prevent similar incidents in the future. Although specific actions were not disclosed, they likely include stricter bot detection systems, login rate limits, and multi-factor authentication prompts to reduce the success rate of automated attacks.

A growing threat

Credential stuffing is a popular tactic among cybercriminals because it is simple and often effective. Attackers use readily available lists of breached credentials to test thousands of login combinations in minutes. E-commerce platforms and retail websites are particularly attractive targets because of the valuable customer data they store.

How can users protect themselves?

The North Face incident serves as a clear reminder that users must take responsibility for their digital security. Some key recommendations include:

  • Avoid using the same password for multiple accounts
  • Use a password manager to create and store strong, unique passwords
  • Enable multi-factor authentication wherever possible
  • Regularly monitor account activity for signs of unauthorized access

If you want to learn more about how a password manager can help you stay safe online, we recommend reading our guide to why you need a password manager. You can also explore our article on why multi-factor authentication is important to better understand how it protects your accounts from credential-based attacks.

Final thoughts

This breach is not the first of its kind, and it will not be the last. As long as reused passwords remain common, credential stuffing attacks will continue to succeed. The responsibility for cybersecurity lies with both companies and individual users.

At Moxso, we encourage everyone to stay informed and take proactive steps to strengthen their online security. Basic measures such as strong authentication and smart password habits can significantly reduce the risk of compromise.

Author Sarah Krarup

Sarah Krarup

Sarah studies innovation and entrepreneurship with a deep interest in IT and how cybersecurity impacts businesses and individuals. She has extensive experience in copywriting and is dedicated to making cybersecurity information accessible and engaging for everyone.

View all posts by Sarah Krarup

Similar posts

What is ransomware?
hacking

What is ransomware?

Ransomware attacks have been named by several organisations as one of the biggest cyber threats to businesses, both now and in the cyberworld's future.

03-05-2022 · 15 min.
How is cybersecurity and SEO linked?
cybercrime

How is cybersecurity and SEO linked?

For any organisation, having a website is almost mandatory nowadays. But it can be damaging if the website is not secure.

30-06-2022 · 11 min.
Cyberattacks that shook the world
case

Cyberattacks that shook the world

Are you familiar with the cyber attacks that shook the world? If not, read on as we look at five cyber attacks that changed our perception of cyber security.

15-11-2023 · 6 min.