The North Face experienced its fourth credential stuffing attack since 2020, exposing customer data including names and addresses. Despite repeated incidents, lack of multi-factor authentication increased vulnerability. #CredentialStuffing #VFOutdoor
Keypoints
- The North Face suffered a credential stuffing attack in April 2025 affecting customer data.
- The attack involved automated login attempts using recycled credentials from data breaches.
- Customer data exposed included full names, addresses, email, and date of birth, but not payment info.
- This is the fourth such incident since 2020, reducing customer trust and increasing risk.
- The company has yet to enforce multi-factor authentication across all accounts, contributing to repeated breaches.