- Joined
- Jun 13, 2020
- Messages
- 6,565
- Reaction score
- 891
- Points
- 212
- Awards
- 2
As a result of a cyber attack on Barnes & Noble, the personal data of the company's customers was leaked.
Barnes & Noble, the largest bookseller in the United States, has reported a cyberattack on its networks that could result in a customer data breach.
Barnes & Noble owns over 600 bookstores in 50 states. The company also sells e-book readers and tablets under the Nook brand.
Since October 10 this year, on the Nook page on Facebook, as well as on Twitter, users began to complain that they lost access to the libraries of purchased books and magazines. According to them, when trying to access the library online or on the Nook, a white screen appears. According to Barnes & Noble Facebook posts at the time, the company experienced a "system crash" and is working to fix the problem.
On Wednesday, October 14th, Barnes & Noble told FastCompany that the company is facing serious network issues and is currently recovering data from backups. “Our systems are back online in stores and BN.com, and we are investigating the cause. We hasten to assure that the payment data of customers have not been compromised, as they are encrypted and tokenized, ”the company said in a statement.
According to GoodReader, according to store managers, the Barnes & Noble chains were infected with a "virus" that entered the headquarters computer network and then spread to stores.
Late in the evening of October 14, the company sent out notifications to its customers that on October 10, its corporate computer systems were subjected to a cyber attack. “We are writing now out of extreme caution in order to inform you that this may have disclosed some of your personal information that we have,” the notice says.
According to the company, the cyberattack compromised email addresses, billing addresses, shipping addresses, and purchase history of users.
Although Barnes & Noble did not disclose the nature of the incident, it appears to have been a victim of ransomware. First, ransomware operators usually attack their victims on weekends, and October 10th was Saturday. Secondly, according to the company, it had to restore its data from backups, which means it could be encrypted. And thirdly, according to the information security company Bad Packets, Barnes & Noble previously had many Pulse VPN servers containing the CVE-2019-11510 vulnerability. This vulnerability is very popular among ransomware operators, as it allows to obtain credentials stored on the VPN device.
Barnes & Noble, the largest bookseller in the United States, has reported a cyberattack on its networks that could result in a customer data breach.
Barnes & Noble owns over 600 bookstores in 50 states. The company also sells e-book readers and tablets under the Nook brand.
Since October 10 this year, on the Nook page on Facebook, as well as on Twitter, users began to complain that they lost access to the libraries of purchased books and magazines. According to them, when trying to access the library online or on the Nook, a white screen appears. According to Barnes & Noble Facebook posts at the time, the company experienced a "system crash" and is working to fix the problem.
On Wednesday, October 14th, Barnes & Noble told FastCompany that the company is facing serious network issues and is currently recovering data from backups. “Our systems are back online in stores and BN.com, and we are investigating the cause. We hasten to assure that the payment data of customers have not been compromised, as they are encrypted and tokenized, ”the company said in a statement.
According to GoodReader, according to store managers, the Barnes & Noble chains were infected with a "virus" that entered the headquarters computer network and then spread to stores.
Late in the evening of October 14, the company sent out notifications to its customers that on October 10, its corporate computer systems were subjected to a cyber attack. “We are writing now out of extreme caution in order to inform you that this may have disclosed some of your personal information that we have,” the notice says.
According to the company, the cyberattack compromised email addresses, billing addresses, shipping addresses, and purchase history of users.
Although Barnes & Noble did not disclose the nature of the incident, it appears to have been a victim of ransomware. First, ransomware operators usually attack their victims on weekends, and October 10th was Saturday. Secondly, according to the company, it had to restore its data from backups, which means it could be encrypted. And thirdly, according to the information security company Bad Packets, Barnes & Noble previously had many Pulse VPN servers containing the CVE-2019-11510 vulnerability. This vulnerability is very popular among ransomware operators, as it allows to obtain credentials stored on the VPN device.