Outdoor gear giant The North Face has notified customers of a new credential stuffing attack that exposed personal account details, marking the second such security incident in just two months.
The latest attack was detected on April 23, 2025, raising fresh concerns about the brand’s account security practices.
According to the customer notice issued by VF Outdoor, LLC (doing business as The North Face), the company identified unusual activity on its retail website, thenorthface.com, which was promptly investigated. Analysts concluded that attackers were using previously stolen credentials, likely harvested from unrelated third-party breaches, to access North Face user accounts. This credential-stuffing technique, a common but highly effective attack vector, relies on the widespread problem of password reuse across multiple online platforms.
The attackers may have accessed stored account details, including names, email addresses, shipping addresses, phone numbers, birthdates (if saved), purchase histories, and user preferences. Crucially, payment card details were not exposed, as The North Face relies on tokenization and third-party processors to handle sensitive payment data. However, the compromised accounts still contained enough personal information to fuel phishing or identity fraud attempts.
The North Face is one of the flagship brands under VF Outdoor, a subsidiary of VF Corporation, a Fortune 1000 conglomerate headquartered in Denver, Colorado. With a global presence and millions of online customers, VF’s retail brands, including The North Face and Timberland, represent valuable targets for credential abuse.
Alarmingly, this latest incident comes on the heels of a major disclosure in April 2025, when VF admitted that a similar credential stuffing attack had gone undetected for two years, exposing data of over 15,000 customers. That earlier breach, spanning from March 2023 to March 2025, raised pointed questions about VF’s security oversight and monitoring capabilities.
In both cases, VF Outdoor emphasized that attackers succeeded because customers reused passwords from other compromised sites. However, it’s clear that if the firm had implemented two-factor authentication (2FA), a basic industry-standard defense, the impact of these attacks would have been drastically reduced.
In response to the latest breach, The North Face has disabled affected passwords and urged customers to set new, unique ones. The company also recommends avoiding predictable or reused passwords, staying alert to phishing attempts, and monitoring financial accounts for suspicious activity. The North Face states that no formal data breach notification requirements were triggered under applicable law, but they issued customer notices out of caution.
Leave a Reply