From Bleeping Computer:
U.S. Bookstore giant Barnes & Noble has disclosed that they were victims of a cyberattack that may have exposed customers’ data.
Barnes & Noble is the largest brick-and-mortar bookseller in the United States, with over 600 bookstores in fifty states. The bookseller also operates Nook Digital, which is its eBook and e-Reader platform.
. . . .
Since October 10th, users have been complaining on Nook’s Facebook page and Twitter that they could no longer access their library of purchased eBooks and magazine subscriptions. When attempting to do so online or on their Nook, the library came up blank or they could not log into bn.com.
. . . .
In a statement given to FastCompany earlier today, Barnes & Noble said that they suffered a severe network issue and were in the process of restoring their server backups.
“We have a serious network issue and are in the process of restoring our server backups,” Barnes & Noble told Fast Company in a statement. “Our systems are back online in our stores and on BN.com, and we are investigating the cause. Please be assured that there is no compromise of customer payment details, which are encrypted and tokenized.”
. . . .
In an email sent to customers late Wednesday night and seen by BleepingComputer, Barnes & Noble has disclosed that they suffered a cyberattack on October 10th, 2020.
As part of this attack, threat actors gained access to corporate systems utilized by the company.
“It is with the greatest regret we inform you that we were made aware on October 10, 2020 that Barnes & Noble had been the victim of a cybersecurity attack, which resulted in unauthorized and unlawful access to certain Barnes & Noble corporate systems.”
“We write now out of the greatest caution to let you know how this may have exposed some of the information we hold of your personal details,” Barnes & Noble stated in their email.
. . . .
In a list of frequently asked questions, Barnes & Noble states that no payment details have been exposed but is unsure at this time if the hackers accessed other personal information.
They do admit that email addresses, billing addresses, shipping addresses, and purchase history were exposed on the hacked systems.
. . . .
While it has not been confirmed, Barnes & Noble’s cyberattack has all the characteristics of a ransomware attack.
Ransomware operators commonly conduct their attacks on the weekend, when there is less staff present who could detect the attack — Barnes & Noble were attacked on a Saturday.
The bookseller also stated that they had to restore server backups, which is another indicator of a ransomware attack.
Finally, cybersecurity intelligence firm Bad Packets told BleepingComputer that Barnes & Noble previously had multiple Pulse VPN servers that were vulnerable to the CVE-2019-11510 vulnerability.
This vulnerability is popular among ransomware threat actors as it allows them to gain access to user credentials stored on the VPN device.
A recent leak of Pulse VPN credentials gathered using this vulnerability contained accounts belonging to Barnes & Noble.
. . . .
Unfortunately, if they did suffer a ransomware attack, it is likely that much more data was exposed than Barnes & Noble is disclosing.
When ransomware operators attack a network, they first steal unencrypted files to use as leverage to get a victim to pay the ransom. If the victim refuses to pay, the ransomware gang leaks the unencrypted data on data leak sites.
Link to the rest at Bleeping Computer and thanks to DM for the tip.
When anyone hears of the first class-action suit filed against Barnes & Noble on behalf of its online customers based upon the leak of personal information and damages arising therefrom, you can let PG know via the Contact Link at the top of the blog.
To be fair to Barnes & Noble, there may be a non-negligent explanation for all of this, but the Barnes & Noble CEO has been surprisingly silent about this matter, particularly in comparison to his ready availability to any journalist likely to produce yet another puff piece about him.