Barnes & Noble confirms cyberattack, suspected customer data breach
Barnes & Noble has confirmed a cyberattack impacting Nook services and potentially exposing customer data.
The US bookseller stocks over one million titles at any one time for distribution worldwide. As ebooks emerged as an alternative to traditional literature, in 2009, the company launched the Nook service, an ebook reader and storage platform.
Over the weekend, as reported by Bleeping Computer, Barnes & Noble customers complained across social media of outages. Some customers were unable to access their Nook libraries or found that previous purchases had disappeared, others could not log in to the firm’s online platform, and problems sending or loading new books were widespread.
As noted by The Register, the outage also spread to physical outlets, where it appeared that some cash registers were also “briefly” unable to function.
This prompted speculation that the disruption could be due to a malware infection, as when Point-of-Sale (PoS) systems become involved, the issue may not merely be due to a backend or server glitch.
The bookseller partially restored its systems by Tuesday, but it was not until Wednesday that Nook publicly acknowledged customer access and Nook service issues.
Nook said at the time that a “system failure” was at fault and engineers were working hard to “get all Nook services back to full operation.”
“Unfortunately, it has taken longer than anticipated,” Nook continued. “We sincerely apologize for this inconvenience and frustration.”
Now, Barnes & Noble has confirmed to customers that cyberattackers caused the service disruption.
In an email, the bookseller said that on October 10, Barnes & Noble was the victim of intrusion, leading to “unauthorized and unlawful access to certain Barnes & Noble corporate systems.”
Customer email addresses, billing and shipping addresses, telephone numbers, and transaction histories may have been exposed during the breach.
“We currently have no evidence of the exposure of any of this data, but we cannot at this stage rule out the possibility,” the company added.
However, the bookseller emphasizes that no financial data, “encrypted and tokenized” as a security measure, was taken or available to the threat actors.
The firm has not disclosed how many customers may be impacted by the suspected data breach. Barnes & Noble warns that if email addresses were taken, they may be used in phishing campaigns against customers.
While the details of the cyberattack are yet to be made public, it is possible that ransomware could be at the heart of the incident. Bad Packets told BleepingComputer that the bookseller’s Pulse Secure VPN servers were previously vulnerable to CVE-2019-11510, a pre-authentication arbitrary file read vulnerability that lets a remote attacker pull files off the appliance, including its cache of plaintext credentials, and then log in to the VPN as a legitimate user.
Security flaws like this can be used to gain an initial foothold in corporate networks and deploy payloads, including ransomware. In recent months, AG and the Duesseldorf University Hospital have experienced severe ransomware attacks.
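Because CVE-2019-11510 is exploited through a single crafted HTTP request, attempts against a Pulse Secure appliance are visible in its web access log. The script below, an added example that is not part of the original article and not based on any Barnes & Noble data, scans constructed log lines in Apache combined format for the public traversal pattern used against this bug, resolves which file each request tried to read, and flags reads that appear to have succeeded. The sample log, the `HIGH_VALUE` table and the function names are assumptions made for the example; the traversal path and the credential-cache file path are the ones documented in public research on the vulnerability.

```python
import re
from urllib.parse import unquote

# Constructed sample log lines (Apache combined format); not real traffic.
# Lines 2 and 3 mimic the public CVE-2019-11510 exploit request shape.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2020:03:14:07 +0000] "GET /dana-na/auth/url_default/welcome.cgi HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.55 - - [10/Oct/2020:03:14:09 +0000] "GET /dana-na/../dana/html5acc/guacamole/../../../../../../../etc/passwd?/dana/html5acc/guacamole/ HTTP/1.1" 200 1644 "-" "python-requests/2.22.0"
203.0.113.55 - - [10/Oct/2020:03:14:11 +0000] "GET /dana-na/../dana/html5acc/guacamole/../../../../../../../data/runtime/mtmp/lmdb/dataa/data.mdb?/dana/html5acc/guacamole/ HTTP/1.1" 200 98304 "-" "python-requests/2.22.0"
198.51.100.7 - - [10/Oct/2020:03:15:00 +0000] "GET /dana/home/index.cgi HTTP/1.1" 200 8801 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Files attackers are known to pull via this bug (from public research),
# mapped to why each one matters. Assumed table for this example.
HIGH_VALUE = {
    "/data/runtime/mtmp/lmdb/dataa/data.mdb": "cached plaintext VPN credentials",
    "/data/runtime/mtmp/system": "active session data",
    "/etc/passwd": "reconnaissance / proof of exploitability",
}


def request_path(target):
    """Strip the query string and percent-decoding from a request target."""
    return unquote(target.split("?", 1)[0])


def is_cve_2019_11510_attempt(target):
    """The exploit abuses the HTML5 access (guacamole) handler with '..' traversal."""
    path = request_path(target)
    return "dana/html5acc/guacamole/" in path and "/../" in path


def requested_file(target):
    """Resolve '.' and '..' segments to learn which file the request tried to read."""
    parts = []
    for seg in request_path(target).split("/"):
        if seg == "..":
            if parts:
                parts.pop()
        elif seg and seg != ".":
            parts.append(seg)
    return "/" + "/".join(parts)


def scan_log(text):
    """Return one finding per exploit attempt found in the log text."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_cve_2019_11510_attempt(m["target"]):
            continue
        target_file = requested_file(m["target"])
        findings.append({
            "ip": m["ip"],
            "ts": m["ts"],
            "file": target_file,
            "status": int(m["status"]),
            "why": HIGH_VALUE.get(target_file, "arbitrary file read"),
            # HTTP 200 with a non-empty body means the file was very likely served.
            "likely_success": m["status"] == "200" and m["size"] not in ("-", "0"),
        })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        flag = "SUCCESS" if f["likely_success"] else "attempt"
        print(f'{f["ts"]} {f["ip"]} {flag} read of {f["file"]} ({f["why"]})')
```

Run against a real access log, a hit on `data.mdb` with status 200 should be treated as a credential compromise of every account cached on the appliance, not merely as a scan: the follow-on step in reported intrusions is an ordinary VPN login with the stolen credentials, which will not look like an exploit at all. Requests that return a status other than 200 indicate the appliance was patched or the request was blocked, but still identify a scanner worth tracking.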
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0