Tuesday, October 20, 16:25

Barnes & Noble: Attacked and exposed customer data

Bookselling giant Barnes & Noble has disclosed that it suffered a cyberattack that may have exposed customer data.

Barnes & Noble is the largest bookseller in the United States, with more than 600 bookstores in fifty states. The company also operates Nook Digital, which is an eBook and e-Reader platform.

Since October 10, users have been complaining on Nook's Facebook and Twitter pages that they could not log in to the eBook platform.

During this time, Barnes & Noble posted on Nook's Facebook page that the system had been damaged and that it was working to restore its systems.

In a statement to Fast Company earlier today, Barnes & Noble said it had suffered a serious network problem and was in the process of restoring its server backups.

"We have a serious network problem and we are in the process of restoring our server backups," Barnes & Noble told Fast Company. "Rest assured that there is no breach of customer payment information, which is encrypted."

According to GoodReader, store managers said Barnes & Noble had a "virus in its network" that started in corporate offices and eventually reached the stores. When it reached the stores, it affected the cash registers and prevented orders from being placed.

Barnes & Noble reveals

In an email sent to customers late Wednesday night, Barnes & Noble revealed that they suffered a cyber attack on October 10, 2020.

As part of this attack, the threat actors gained access to corporate systems used by the company.

In a list of frequently asked questions, Barnes & Noble states that no payment details were exposed, but that it is not sure at this time whether the attackers had access to other personal information.

They acknowledge that emails, billing addresses, shipping addresses and purchase history have been exposed.

Probably a ransomware attack

Although not confirmed, the Barnes & Noble cyber attack has all the hallmarks of a ransomware attack.

The company said it had to restore its servers from backups, which is a sign of a ransomware attack.

Finally, cybersecurity company Bad Packets told BleepingComputer that Barnes & Noble apparently had many Pulse VPN servers that were vulnerable to CVE-2019-11510.

This vulnerability is popular with hackers because it allows them to obtain user credentials stored on the VPN device.

A recent leak of Pulse VPN credentials collected using this vulnerability contained accounts belonging to Barnes & Noble.

Unfortunately, if this was a ransomware attack, it is likely that much more data has been exposed than Barnes & Noble has revealed.



Teo Ehc, https://www.secnews.gr

