In the incident, as reported by Bleeping Computer, attackers appear to have gained access to various types of personal information stored on customers’ accounts at thenorthface.com, according to a notice of data breach sent to affected clients.
The attack took the form of credential stuffing, a type of cyber incident in which criminals exploit large collections of username and password combinations leaked in previous security breaches to gain access to user accounts on other online platforms.
Looking into the incident for Digital Journal is Vinay Sridhara, CTO, Balbix.
Sridhara sees a pattern that this data breach shares with other events that have taken place during 2020: “This incident highlights the widespread issue of hackers capitalizing on weak password hygiene, taking advantage of rampant password reuse and a lack of multifactor authentication (MFA).”
He also notes that this type of incident is becoming all too common: “According to a recent study, roughly 80 percent of hacking-related breaches are due to compromised, weak and reused passwords. Yet, 99 percent of people employees still reuse passwords across an average of 2.7 work and personal accounts.”
In terms of robust preventative actions, Sridhara recommends: “Strong password hygiene must be a top priority for every company and enterprises should scan for password reuse on an ongoing basis to limit their exposure. Additionally, NIST’s Special Publication 800-63B: Digital Identity Guidelines recommends organizations to follow these four principles: 8 character minimum, no complexity or special character requirements, no password expiration, and to check against dictionaries and lists of previously breached passwords.”
He concludes by adding: “Given that the amount of compromised credentials continues to grow, checking passwords against a dynamic database rather than a static list is critical.”
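The password screening described in the two quotes above can be sketched as follows. This is an added example, not code from the article or from Balbix; `BreachedStore`, `screen_password` and all sample passwords are hypothetical, constructed names and data, with an in-memory set standing in for a breached-credential database that keeps receiving new entries.

```python
import hashlib
import unicodedata

MIN_LENGTH = 8  # the 8-character minimum quoted above


def _normalize(password: str) -> str:
    # Normalize Unicode so visually identical passwords compare equal.
    return unicodedata.normalize("NFKC", password)


def fingerprint(password: str) -> str:
    # Lookup key, so the store never holds plaintext passwords.
    return hashlib.sha256(_normalize(password).encode("utf-8")).hexdigest()


class BreachedStore:
    """Hypothetical stand-in for a dynamic breached-password database."""

    def __init__(self, passwords=()):
        self._hashes = {fingerprint(p) for p in passwords}

    def add(self, password: str) -> None:
        # New breach data arrives after deployment; no code change needed.
        self._hashes.add(fingerprint(password))

    def contains(self, password: str) -> bool:
        return fingerprint(password) in self._hashes


def screen_password(password, store, dictionary=frozenset()):
    """Return the list of rejection reasons; an empty list means accepted.

    There is deliberately no composition rule and no expiry check here.
    """
    reasons = []
    normalized = _normalize(password)
    if len(normalized) < MIN_LENGTH:
        reasons.append("too_short")
    if normalized.casefold() in dictionary:
        reasons.append("dictionary_word")
    if store.contains(password):  # queried at check time, not a frozen list
        reasons.append("previously_breached")
    return reasons


if __name__ == "__main__":
    store = BreachedStore(["password1", "qwerty123"])  # constructed sample data
    for candidate in ("short", "password1", "alllowercaseletters"):
        print(candidate, screen_password(candidate, store, {"baseball"}))
```

Because the store is consulted on every check, a password that passed yesterday is rejected as soon as it shows up in newly loaded breach data.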