[BreachExchange] Barnes & Noble hit by cyberattack that exposed customer data

Destry Winant destry at riskbasedsecurity.com
Thu Oct 15 10:43:50 EDT 2020


https://www.bleepingcomputer.com/news/security/barnes-and-noble-hit-by-cyberattack-that-exposed-customer-data/

U.S. bookstore giant Barnes & Noble has disclosed that it was the
victim of a cyberattack that may have exposed customers' data.

Barnes & Noble is the largest brick-and-mortar bookseller in the
United States, with over 600 bookstores in fifty states. The
bookseller also operates Nook Digital, its eBook and e-Reader
platform.

Nook outage since the weekend

Since October 10th, users have been complaining on Nook's Facebook
page and Twitter that they could no longer access their library of
purchased eBooks and magazine subscriptions. When they tried to do so
online or on their Nook, the library came up blank, or they could not
log into bn.com at all.

During this time, Barnes & Noble posted updates on the Nook Facebook
page stating that it had suffered a system failure and was working to
get back to full operation.

In a statement given to Fast Company earlier today, Barnes & Noble
said that it had suffered a severe network issue and was in the
process of restoring its server backups.

"We have a serious network issue and are in the process of restoring
our server backups," Barnes & Noble told Fast Company in a statement.
"Our systems are back online in our stores and on BN.com, and we are
investigating the cause. Please be assured that there is no compromise
of customer payment details, which are encrypted and tokenized."

According to GoodReader, store managers said that Barnes & Noble had
a "virus in their networks" that started in the corporate offices and
eventually spread to the stores. Once in the stores, it affected the
cash registers and prevented orders from being placed.

Barnes & Noble discloses cyberattack

In an email sent to customers late Wednesday night and seen by
BleepingComputer, Barnes & Noble disclosed that it suffered a
cyberattack on October 10th, 2020.

As part of this attack, threat actors gained access to corporate
systems utilized by the company.

"It is with the greatest regret we inform you that we were made aware
on October 10, 2020 that Barnes & Noble had been the victim of a
cybersecurity attack, which resulted in unauthorized and unlawful
access to certain Barnes & Noble corporate systems."

"We write now out of the greatest caution to let you know how this may
have exposed some of the information we hold of your personal
details," Barnes & Noble stated in their email.

Barnes & Noble email notification

In a list of frequently asked questions, Barnes & Noble states that no
payment details have been exposed, but it is unsure at this time
whether the attackers accessed other personal information.

The company does acknowledge that email addresses, billing addresses,
shipping addresses, and purchase history were held on the compromised
systems.

1. Have my payment details been exposed?

No, your payment details have not been exposed. Barnes & Noble uses
technology that encrypts all credit cards and at no time is there any
unencrypted payment information in any Barnes & Noble system.

2. Could a transaction be made without my authorization?

No, no financial information was accessible. It is always encrypted
and tokenized.

3. Was my email compromised?

No. Your email was not compromised as a result of this attack.
However, it is possible that your email address was exposed and, as a
result, you may receive unsolicited emails.

4. Was any personal information exposed due to the attack?

While we do not know if any personal information was exposed as a
result of the attack, we do retain in the impacted systems your
billing and shipping addresses, your email address and your telephone
number if you have supplied these.

5. Do you retain any other information in the impacted systems?

Yes, we also retain your transaction history, meaning purchase
information related to the books and other products that you have
bought from us.

Possibly a ransomware attack

While it has not been confirmed, the Barnes & Noble cyberattack has
all the characteristics of a ransomware attack.

Ransomware operators commonly launch their attacks on the weekend,
when fewer staff are present to detect and respond to the intrusion;
Barnes & Noble was attacked on a Saturday.

The bookseller also stated that it had to restore from server backups,
which is another indicator of a ransomware attack.

Finally, cybersecurity intelligence firm Bad Packets told
BleepingComputer that Barnes & Noble previously had multiple Pulse VPN
servers that were vulnerable to CVE-2019-11510.

This vulnerability is popular among ransomware threat actors as it
allows them to gain access to user credentials stored on the VPN
device.

A recent leak of Pulse VPN credentials gathered using this
vulnerability contained accounts belonging to Barnes & Noble.

Unfortunately, if the company did suffer a ransomware attack, it is
likely that much more data was exposed than Barnes & Noble is
disclosing.

When ransomware operators attack a network, they first steal
unencrypted files to use as leverage to get a victim to pay the
ransom. If the victim refuses to pay, the ransomware gang leaks the
unencrypted data on data leak sites.

These leaked files can contain personal employee information, including
passports, driver's licenses, medical information, and salary data.

BleepingComputer reached out to Barnes & Noble earlier today after
hearing rumors that it had suffered a cyberattack but has not received
a response.
