Barnes & Noble Hack May Have Exposed User Data

American bookseller Barnes and Noble admitted it fell victim to a cyberattack that may have exposed its customers’ data. The Fortune 1000 company, which owns the largest number of retail stores in the US, launched Nook, an ebook reader and storage platform, in 2009. Although Nook did not enjoy the same groundbreaking success as some of its peers, like Amazon Kindle Fire, it does have a loyal customer base. After the confirmed breach, some of that customer data could have fallen into the wrong hands.

Bleeping Computer observed several B&N clients who took to Facebook and Twitter to complain about service outages. Some reported that their libraries had suddenly disappeared, while others couldn’t access the online platform. Another common issue was the inability to send or load new books. But the problem went beyond Nook and Barnes & Noble’s online platform. It reached more serious levels when cash registers at physical stores briefly stopped working. That’s when several observers started to realize that the issue could be down to a malware infection and not a backend or server glitch, as first reported.

At first, Nook wrote it off as a system failure, adding that it was “working urgently to get all services back to full operation.” It wasn’t until late Wednesday night that the company acknowledged, in an email sent to customers, that it suffered a cyberattack on October 10. “It is with the greatest regret we inform you that we were made aware on October 10, 2020 that Barnes & Noble had been the victim of a cybersecurity attack, which resulted in unauthorized and unlawful access to certain Barnes & Noble corporate systems,” the email said. “We write now out of the greatest caution to let you know how this may have exposed some of the information we hold of your personal details,” it added.

B&N assured customers that the attackers couldn’t breach financial data like payment cards because they are “encrypted and tokenized and not accessible.” However, the compromised information could include email addresses, billing and shipping addresses, and phone numbers. The company said there is no evidence that any of the data was stolen, but it does not rule out the possibility. If hackers did get their hands on such data, they could build a portfolio of customer profiles or send phishing scams to victims. Either way, Nook users must immediately change their passwords and activate two-factor authentication to be on the safe side.

A Possible Ransomware Attack?

According to Bleeping Computer, all signs point to a ransomware attack, although it hasn’t been confirmed yet. Such attacks usually occur over the weekend, when staff members aren’t present to detect unusual activity. Furthermore, B&N said that its IT team was restoring servers from backup. Another indication of a ransomware strike is that the bookseller had several Pulse VPN servers vulnerable to CVE-2019-11510, which allows hackers to access user data stored on VPN servers.

If it proves to be a ransomware attack, the company and its customers had better brace themselves for worse news. Cybercriminals use this malware to steal files, encrypt them, and then demand a ransom for the decryption key. Should the victim refuse to pay, the attackers can publicize the sensitive data they captured or sell it on the dark web.
