Barnes & Noble hit by cyberattack that exposed customer data
Barnes & Noble, the U.S. bookstore giant, has disclosed that it was the victim of a cyberattack that may have exposed customers’ data.
Barnes & Noble is the largest brick-and-mortar bookseller in the United States, with over 600 bookstores in fifty states. The bookseller also operates Nook Digital, its eBook and e-reader platform.
Nook outage since the weekend
Since October 10th, users have been complaining on Nook’s Facebook page and Twitter that they could no longer access their library of purchased eBooks and magazine subscriptions. When they attempted to do so online or on their Nook devices, the library came up blank, or they could not log into bn.com at all.
During this time, updates were posted on the Nook Facebook page stating that Nook had suffered a system failure and was working to get back to full operation.
In a statement given to Fast Company earlier today, Barnes & Noble said that it had suffered a severe network issue and was in the process of restoring its server backups.
“We have a serious network issue and are in the process of restoring our server backups,” Barnes & Noble told Fast Company in a statement. “Our systems are back online in our stores and on BN.com, and we are investigating the cause. Please be assured that there is no compromise of customer payment details, which are encrypted and tokenized.”
According to GoodReader, store managers said that Barnes & Noble had a “virus in their networks” that started in the corporate offices and eventually spread to the stores. Once in the stores, it affected the cashiers and prevented orders from being placed.
Barnes & Noble discloses cyberattack
In an email sent to customers late Wednesday night and seen by BleepingComputer, Barnes & Noble has disclosed that they suffered a cyberattack on October 10th, 2020.
As part of this attack, threat actors gained access to corporate systems utilized by the company.
“It is with the greatest regret we inform you that we were made aware on October 10, 2020 that Barnes & Noble had been the victim of a cybersecurity attack, which resulted in unauthorized and unlawful access to certain corporate systems.”
“We write now out of the greatest caution to let you know how this may have exposed some of the information we hold of your personal details,” Barnes & Noble stated in their email.
In a list of frequently asked questions, Barnes & Noble states that no payment details have been exposed, but that it is unsure at this time whether the hackers accessed other personal information.
The company does admit that email addresses, billing addresses, shipping addresses, and purchase history were exposed on the hacked systems.
1. Have my payment details been exposed?
No, your payment details have not been exposed. Barnes & Noble uses technology that encrypts all credit cards and at no time is there any unencrypted payment information in any Barnes & Noble system.
2. Could a transaction be made without my authorization?
No, no financial information was accessible. It is always encrypted and tokenized.
3. Was my email compromised?
No. Your email was not compromised as a result of this attack. However, it is possible that your email address was exposed and, as a result, you may receive unsolicited emails.
4. Was any personal information exposed due to the attack?
While we do not know if any personal information was exposed as a result of the attack, we do retain in the impacted systems your billing and shipping addresses, your email address and your telephone number if you have supplied these.
5. Do you retain any other information in the impacted systems?
Yes, we also retain your transaction history, meaning purchase information related to the books and other products that you have bought from us.
Possibly a ransomware attack
While it has not been confirmed, the cyberattack has all the characteristics of a ransomware attack.
Ransomware operators commonly conduct their attacks on the weekend, when fewer staff are present to detect the intrusion, and Barnes & Noble was attacked on a Saturday.
The bookseller also stated that they had to restore server backups, which is another indicator of a ransomware attack.
Finally, cybersecurity intelligence firm Bad Packets told BleepingComputer that Barnes & Noble previously had multiple Pulse VPN servers that were vulnerable to the CVE-2019-11510 vulnerability.
This vulnerability is popular among ransomware threat actors as it allows them to gain access to user credentials stored on the VPN device.
A recent leak of Pulse VPN credentials gathered using this vulnerability contained accounts belonging to Barnes & Noble.
Unfortunately, if they did suffer a ransomware attack, it is likely that much more data was exposed than they are disclosing.
When ransomware operators attack a network, they first steal unencrypted files to use as leverage to get a victim to pay the ransom. If the victim refuses to pay, the ransomware gang leaks the unencrypted data on data leak sites.
These leaked files can contain personal employee information, including passports, driver’s licenses, medical information, and salary details.
Read the original article over at BleepingComputer.com.