Experts Reacted On The North Face Credential Stuffing Attack

American outdoor recreation retailer The North Face has reset the passwords of some of its customers following a credential stuffing attack launched on October 8 and 9.

Experts Comments

November 16, 2020
Javvad Malik
Security Awareness Advocate
KnowBe4
Credential stuffing is a popular technique used by criminals to compromise user credentials. It is important that organisations put in place robust security controls to minimise the likelihood of successful credential stuffing attacks by monitoring login attempts and restricting persistent failed logon attempts. In addition, organisations should offer multi-factor authentication (MFA) to users. From a user perspective, education and awareness is important; in particular to use MFA where it is made available. It's also important that users don't reuse passwords across various sites which is what makes credential stuffing attacks possible. Using password managers can help greatly in this regard.
November 16, 2020
Carl Wearn
Head of E-Crime
Mimecast
Credential stuffing attacks are becoming more and more common, particularly in the retail sector. With the festive season around the corner, we are going to see even more cybersecurity incidents impacting retailers. Mimecast monitoring shows that retail & wholesale has remained the top targeted sector recently, with 1.85 million total malicious detections in October alone. Huge volumes of data have been compromised in many data breaches, and these pose an increased risk of credential stuffing attacks, where a range of accounts may be attacked utilising data from old breaches. If you have used basic passwords for some time for any online accounts, or in particular use the same password for multiple online accounts, this will also significantly increase the risk of compromise even further. Now is a good time to consider refreshing your passwords for any online accounts you use, ensuring they are specific to a site and not easily guessed, and reviewing if new security settings or options have become available to increase your security, such as multi-factor authentication. Individuals can take these basic steps now to help prevent any compromise or fraud taking place which might utilise their details.
November 16, 2020
Martin Jartelius
CSO
Outpost24
This is digital socialism, where the service provider has to somewhat inconvenience the many to protect the few who cannot be trusted to keep themselves safe. Essentially, a credential stuffing attack works when password reuse is in play, meaning those who were affected had already breached basic security advice. It is a good experience to see a vendor choosing to prioritize the security of those few, over the impact this potentially can have to revenue flows as some users may be dissuaded by the password change. Well managed.
November 13, 2020
Ameet Naik
Security Evangelist
PerimeterX
Given the vast volume of stolen credentials out there, hackers launch credential stuffing attacks using automated bots. Compromised accounts can give hackers access to personal information, including usernames, passwords, and credit card numbers, which further fuel the cycle of attacks. Automated attacks such as these not only expose businesses to data breaches and compliance penalties but also increase operational costs. Businesses must protect their consumers’ accounts by requiring multi-factor authentication where possible, for example by requiring biometrics on mobile devices, and by using bot management solutions to stop automated attacks. Consumers must ensure the use of strong passwords by using password managers and by turning on multi-factor authentication on their end as well. They must also continue to monitor their credit report for signs of identity theft.