200,000 North Face user accounts hacked — what you need to know

A picture of a North Face store
(Image credit: Shutterstock)

The outdoor apparel brand The North Face has been hit by a large-scale credential stuffing attack where hackers used usernames and passwords from other data breaches to gain access to customer accounts.

According to a data breach notice from the company seen by BleepingComputer, approximately 194,905 customer accounts were hacked. 

While the attack began at the end of July of this year, the administrators of The North Face’s website first detected unusual activity on August 11 and managed to stop it on August 19.

Customer info exposed but not payment details

An open lock depicting a data breach

(Image credit: Shutterstock)

Following an investigation into the matter, The North Face found that the hackers responsible were able to access customers’ full names, purchase history, billing and shipping addresses, telephone numbers, account creation dates, genders and XPLR Pass reward records.

Fortunately though, the company doesn’t store payment details like credit and debit card information on its site, so the attackers were unable to access this information.

In a data breach notice sent out to impacted customers, The North Face’s parent company VF Corporation (previously Vanity Fair Mills) explained that it only keeps a “token” linked to customer’s payment cards on its site while its third-party payments processor retains users’ card details.

At the same time, all user passwords have been reset and their payment card tokens that were accessed by the hackers have been wiped. The next time customers wish to purchase an item from The North Face’s website, they will need to enter a new password and reenter their payment information.

What to do if you are an affected North Face customer?

Affected North Face customers will need to pick a new password for their accounts and it should be a strong as well as unique one. While this can be done using a password generator, many of the best password managers include this ability as well.

Since customer names and phone numbers were exposed, you may also want to be extra careful when checking your inbox or answering your phone for the time being. This is because the hackers responsible may try to launch other attacks using the information they obtained from The North Face’s website.

The North Face also recommends that users monitor their accounts for any suspicious activity. However, the company isn’t providing free access to the best identity theft services at this time. Still though, it may be worth signing up for Norton LifeLock, Identity Guard or a similar service just to be on the safe side.

Surprisingly, this is actually the second time that The North Face has suffered a credential stuffing attack. The last one occurred back in November of 2020 and the company took similar steps at that time.

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.