For the fourth time in its history, The North Face has notified customers that their account may have been compromised. This time, the company laid blame on a credential stuffing attack.
The North Face is best known for its line of outdoor clothing, footwear, and related equipment. With an annual revenue of over $3 billion, companies like The North Face are on the radar of cybercriminals. The notice from The North Face says: “On April 23, 2025, we discovered unusual activity involving our website, thenorthface.com (“Website”), which we investigated immediately. Following a careful and prompt investigation, we concluded that an attacker had launched a small-scale credential stuffing attack against our Website on April 23, 2025.”
Read more…
Source: Malwarebytes Labz
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Cyber attacks are now a matter of when not if for UK businesses
July 2, 2018
For a growing number of UK companies, being hit by a cyber breach is not a matter of ‘if’ – it’s a matter of ‘when’. This is according to a new report by KPMG based on a poll of 150 UK leaders. When compared to the rest of the world, though, the UK is performing well, as according to ...
- Hotels, airlines and travel sites battle bot attacks
June 27, 2018
Hotels, airlines, cruises and travel sites are under siege from crooks using fake or stolen account details to try to access accounts. Hackers have been using stolen or leaked account details to attempt to log into accounts, using botnets to deliver attacks at industrial scale, according to research by Akamai. Read more… Source: ZDNet
- Thanatos ransomware: Free decryption tool released for destructive file-locking malware
June 27, 2018
Victims of a destructive form of ransomware, which fails to unlock files even if the ransom is paid, can now retrieve their files for free with a new file decryptor released by security researchers. Thanatos ransomware first started targeting Windows systems in February and multiple versions of it have been released in the months since, indicating ...
- Up to 40,000 British Ticketmaster users may have had their personal and payment details stolen by hackers
June 27, 2018
Ticketmaster UK have admitted British customers may have had their credit card data stolen in a security breach that could have affected up to 40,000 people. The company says it ‘identified malicious software’ on a third party product on Saturday, but did not reveal the breach until today. The firm said it disabled the software as soon ...
- New Malware Family Uses Custom UDP Protocol for C&C Communications
June 26, 2018
Security researchers have uncovered a new highly-targeted cyber espionage campaign, which is believed to be associated with a hacking group behind KHRAT backdoor Trojan and has been targeting organizations in South East Asia. According to researchers from Palo Alto, the hacking group, which they dubbed RANCOR, has been found using two new malware families—PLAINTEE and DDKONG—to target ...
- FakeSpy Android Information-Stealing Malware Targets Japanese and Korean-Speaking Users
June 19, 2018
Spoofing legitimate mobile applications is a common cybercriminal modus that banks on their popularity and relies on their users’ trust to steal information or deliver payloads. Cybercriminals typically use third-party app marketplaces to distribute their malicious apps, but in operations such as the ones that distributed CPUMINER, BankBot, and MilkyDoor, they would try to get their apps published ...