{"id":5146,"date":"2020-11-16T17:33:30","date_gmt":"2020-11-16T21:33:30","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=5146"},"modified":"2020-11-16T17:33:30","modified_gmt":"2020-11-16T21:33:30","slug":"breaking-down-the-north-face-credential-stuffing-attack","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/breaking-down-the-north-face-credential-stuffing-attack\/","title":{"rendered":"Breaking Down the North Face Credential Stuffing Attack"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-4578\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam.jpg\" alt=\"Breaking Down the North Face Credential Stuffing Attack\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam.jpg 800w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam-300x150.jpg 300w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam-768x384.jpg 768w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam-540x270.jpg 540w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam-162x81.jpg 162w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Recently, outdoor apparel retailer North Face disclosed that it suffered from a credential stuffing attack. North Face stated the credential stuffing attack occurred on October 9, affecting an undisclosed number of customers. Hackers apparently gained users\u2019 usernames and passwords from a third-party website.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The company sent out a<\/span><a href=\"https:\/\/oag.ca.gov\/system\/files\/VF%20Outdoor%20-%20Sample%20Notice%20%28CA%29.pdf\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400\"> data breach notification<\/span><\/a><span style=\"font-weight: 400\"> to customers. While The North Face credential stuffing attack did not compromise financial information, it did expose information such as products purchased, billing and shipping addresses, names, birthdays, telephone numbers, email preferences.\u00a0<\/span><\/p>\n<br \/>Widget not in any sidebars<br \/>\n<h3 style=\"text-align: justify\"><b>Some Key Lessons from the North Face Credential Stuffing Attack<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">First, that another major retailer suffered from a credential stuffing attack indicates just how dangerous credential stuffing attacks can prove. Credential stuffing works by hackers simply trying previously stolen passwords and usernames and looking for repetitions. Any repetitions enable them access to new accounts on new victim businesses.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Therefore, your business must encourage both customers and employees to only use unique and strong passwords for their accounts. You can do this through mandatory password resets every few months, through the use of password managers. Also, you can deploy customer identity and access management and privileged access management solutions.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">However, we also wish to confront a statement made by North Face in their data breach notification:\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cWe do not believe that the attacker obtained information from us that would require us to notify you of a data security breach under applicable law, but we are notifying you of the incident voluntarily, out of an abundance of caution.\u201d<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">We cannot stress this enough: <\/span><i><span style=\"font-weight: 400\">this isn\u2019t how data breaches work. <\/span><\/i><span style=\"font-weight: 400\">Any information that appears on the Dark Web or ends up in the hands of danger becomes a threat to users\u2019. Hackers can use this information for future data breaches, for phishing or spear-phishing attacks, and other nefarious ends. In fact, users should know that non-financial information was breached <\/span><i><span style=\"font-weight: 400\">just as much as if financial information became stolen.\u00a0<\/span><\/i><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Users can replace their credit cards or freeze them; it is obnoxious but doable. However, users can\u2019t easily change their names or addresses. North Face, upon learning about the credential stuffing attack, immediately had the obligation to alert affected users.\u00a0\u00a0<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Expert Commentary<\/b><\/h3>\n<p style=\"text-align: justify\"><i><span style=\"font-weight: 400\">Vinay Sridhara is CTO of <\/span><\/i><a href=\"https:\/\/www.balbix.com\/\" target=\"_blank\" rel=\"noopener noreferrer\"><i><span style=\"font-weight: 400\">Balbix<\/span><\/i><\/a><i><span style=\"font-weight: 400\">.\u00a0<\/span><\/i><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cThis incident highlights the wide-spread issue of hackers capitalizing on weak password hygiene, taking advantage of rampant password reuse, and a lack of multifactor authentication (MFA). According to a recent study, roughly 80 percent of hacking-related breaches are due to compromised, weak, and reused passwords. Yet, 99 percent of people employees still reuse passwords across an average of 2.7 work and personal accounts.\u201d<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cStrong password hygiene must be a top priority for every company and enterprises should scan for password reuse on an ongoing basis to limit their exposure. Additionally, NIST\u2019s Special Publication 800-63B:Digital Identity Guidelines recommends organizations to follow these four principles: 8 character minimum, no complexity or special character requirements, no password expiration, and to check against dictionaries and lists of previously breached passwords. Given that the amount of compromised credentials continues to grow, checking passwords against a dynamic database rather than a static list is critical.\u201d<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Learn more in our <a href=\"https:\/\/solutionsreview.com\/identity-management\/get-a-free-identity-and-access-management-software-solutions-buyers-guide\/\" target=\"_blank\" rel=\"noopener noreferrer\">Identity Management Buyer\u2019s Guide<\/a>.<\/span><\/p>\n<br \/>Widget not in any sidebars<br \/>\n","protected":false},"excerpt":{"rendered":"<p>Recently, outdoor apparel retailer North Face disclosed that it suffered from a credential stuffing attack. North Face stated the credential stuffing attack occurred on October 9, affecting an undisclosed number of customers. Hackers apparently gained users\u2019 usernames and passwords from a third-party website.\u00a0 The company sent out a data breach notification to customers. While The [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":4578,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5,1],"tags":[987,1212,1583,16,112,1204,425,70,30,1582],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Breaking Down the North Face Credential Stuffing Attack<\/title>\n<meta name=\"description\" content=\"Recently, outdoor apparel retailer North Face disclosed that it suffered from a credential stuffing attack. Learn more here.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/breaking-down-the-north-face-credential-stuffing-attack\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/breaking-down-the-north-face-credential-stuffing-attack\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/breaking-down-the-north-face-credential-stuffing-attack\/\",\"name\":\"Breaking Down the North Face Credential Stuffing Attack\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/breaking-down-the-north-face-credential-stuffing-attack\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/breaking-down-the-north-face-credential-stuffing-attack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam.jpg\",\"datePublished\":\"2020-11-16T21:33:30+00:00\",\"dateModified\":\"2020-11-16T21:33:30+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"Recently, outdoor apparel retailer North Face disclosed that it suffered from a credential stuffing attack. Learn more here.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/breaking-down-the-north-face-credential-stuffing-attack\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/breaking-down-the-north-face-credential-stuffing-attack\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/breaking-down-the-north-face-credential-stuffing-attack\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam.jpg\",\"width\":800,\"height\":400,\"caption\":\"UN Data Breach: Expert Commentary on a High-Profile Attack\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/breaking-down-the-north-face-credential-stuffing-attack\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Breaking Down the North Face Credential Stuffing Attack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Identity and Access Management Solutions | Solutions Review\",\"description\":\"Evaluating Enterprise IAM Software, Identity Governance &amp; Access Control Tools.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Breaking Down the North Face Credential Stuffing Attack","description":"Recently, outdoor apparel retailer North Face disclosed that it suffered from a credential stuffing attack. Learn more here.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/breaking-down-the-north-face-credential-stuffing-attack\/","twitter_misc":{"Written by":"Ben Canner","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/breaking-down-the-north-face-credential-stuffing-attack\/","url":"https:\/\/solutionsreview.com\/identity-management\/breaking-down-the-north-face-credential-stuffing-attack\/","name":"Breaking Down the North Face Credential Stuffing Attack","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/breaking-down-the-north-face-credential-stuffing-attack\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/breaking-down-the-north-face-credential-stuffing-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam.jpg","datePublished":"2020-11-16T21:33:30+00:00","dateModified":"2020-11-16T21:33:30+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"Recently, outdoor apparel retailer North Face disclosed that it suffered from a credential stuffing attack. Learn more here.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/breaking-down-the-north-face-credential-stuffing-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/breaking-down-the-north-face-credential-stuffing-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/breaking-down-the-north-face-credential-stuffing-attack\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/09\/swam.jpg","width":800,"height":400,"caption":"UN Data Breach: Expert Commentary on a High-Profile Attack"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/breaking-down-the-north-face-credential-stuffing-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"Breaking Down the North Face Credential Stuffing Attack"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Identity and Access Management Solutions | Solutions Review","description":"Evaluating Enterprise IAM Software, Identity Governance &amp; Access Control Tools.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/5146"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=5146"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/5146\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/4578"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=5146"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=5146"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=5146"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}