Update Your Barnes & Noble Password Right Now

From Lifehacker:

In a recent email, Barnes & Noble informed its customers of a security breach on October 12 that may have exposed email addresses and other account information.

The hack affected store systems, reportedly rendering cash registers unusable for a time, and also affected Nook apps and devices. Users were unable to view their collections, load past purchases, or buy new books, and Nook-related web pages were temporarily inaccessible for a few days this week. Most Nook functionality seems to be restored by now, but the full severity of the leak is unclear.

. . . .

In the email, Barnes & Noble confirms user email addresses, shipping and billing addresses, and phone numbers were vulnerable, but found no evidence any of this information was stolen. The email also says financial data is encrypted and safe—or at least, that’s how it looks for now.

. . . .

The company says the worst users should expect is that they may receive unwanted spam emails or phone calls. However, some users have reported unauthorized account access and purchases in the days since B&N systems were compromised.

While it’s possible hackers stole and decrypted password and payment data, it’s equally likely the affected users had poorly secured bank accounts that use the same email address as their Barnes & Noble profile. It’s not hard to break into an account using credential stuffing, especially if users re-use a password that’s been compromised in other leaks and they don’t have extra account security enabled, such as two-factor authentication (2FA).

Either way, there’s more risk than just the spam emails and calls Barnes & Noble suggests. Even if the hack exposed only email and phone numbers, these can be used to phish passwords and other security information from unsuspecting victims—that’s why your bank says it “never asks you for your password.”

So if you get an email asking for your account number, credit card info, or password, don’t provide it. And don’t click on any links or email attachments, either.

Link to the rest at Lifehacker

Typically, PG doesn’t include links in the excerpts from items he posts.

The original of this Lifehacker article includes links to lots of information that may be of help to Barnes & Noble online customers.

These links provide detailed information concerning what Barnes & Noble customers should be doing with their Barnes & Noble account information, sign-on credentials, etc., to avoid problems that may be caused if those who attacked the Barnes & Noble computer system were able to access credit card or other personal information.

At a higher level and for any website that asks for credit card numbers, personal information, etc., it is a good idea to use a unique and complex password.

Of course, if you have id/pw credentials for more than a half-dozen websites, you may have difficulty remembering if your bank password is )NpZLfmY’?6m'{:\ or @X(wfS6f;m-.+wEJd”Gc

There are computer programs to help you with that and make it as easy to insert NFsEu9GDLn8W3hhd3rUK into the password blank as it is to type mydogisrover.

PG uses LastPass and has done so for a long time with zero problems.

PG knows others who use 1Password and are quite happy with it as well.

PC Magazine has a review of The Best Password Managers for 2020 which provides details on a whole bunch of password managers.

If you don’t like spending money, PC Magazine also has a review of The Best Free Password Managers for 2020.