Giant company Barnes & Noble has revealed that it has come under attack in cyberspace that may have exposed customer data.
Barnes & Noble is the largest bookseller in the United States, with more than 600 bookstores in fifty states. The company also operates Nook Digital, which is an eBook and e-Reader platform.
As of October 10, users have been protesting on Nook's Facebook and Twitter page that they could not log in to the eBooks platform.
During this time, Barnes & Noble informed Nook's Facebook page that the system had been damaged and is working to restore its systems.
In a statement to Fast Company earlier today, Barnes & Noble said it had suffered a serious network problem and was in the process of restoring its server backups.
"We have a serious problem network and we are in the process of restoring our server backups, ”Barnes & Noble told Fast Company. Rest assured that there is no breach of customer payment information, which it is encrypted.
According to GoodReader, store managers said Barnes & Noble had a "virus in its network" that started in corporate offices and finally arrived in stores. When he arrived at the stores, he affected the cashiers and prevented the orders from being placed.
Barnes & Noble reveals
In an email sent to customers late Wednesday night, Barnes & Noble revealed that they suffered a cyber attack on October 10, 2020.
As part of this attack, the menacing factors gained access to the corporate systems used by the company.
In a list of frequently asked questions, Barnes & Noble states that no payment details have been reported, but they are not sure at this time whether invaders had access to other personal information.
They acknowledge that emails, billing addresses, shipping addresses and purchase history have been exposed.
Probably a ransomware attack
Although not confirmed, the Barnes & Noble cyber attack has all the hallmarks of a ransomware attack.
The company said it had to return the copies security of the server, which is a sign of a ransomware attack.
Finally, cybersecurity company Bad Packets told BleepingComputer that Barnes & Noble apparently had many VPN Pulse servers that were vulnerable to CVE-2019-11510 vulnerabilities.
This vulnerability is popular as it allows hackers to acquire access to user credentials stored on the VPN device.
A recent leak from Pulse VPN credentials collected using this vulnerability contained accounts owned by Barnes & Noble.
Unfortunately, if they have been attacked by ransomware, it is likely that they have been exposed much more data from what Barnes & Noble reveals.