Posted on October 15, 2020 at 1:59 PM
A major US-based bookseller, Barnes & Noble, recently confirmed that it was a victim of a strong cyberattack. Worse than that, the company said that its customers’ personal details may have been accessed by the attackers.
The company responded to the intrusion by taking its website offline, which is why some clients may have found that they cannot access the site.
However, after cleaning up the mess, the company managed to come back online, and it restored its servers thanks to its regular backups.
Customers’ payment data should be safe
According to the company, no information regarding payment details was revealed during the attack, so the customers do not have to worry about their accounts. The company always keeps such data tokenized and encrypted. And, while it is possible that encrypted data was stolen, hackers would first have to break top encryption to access such info.
Still, it is always good to check those accounts as a precaution, but the firm claims that no such information was stolen in its decrypted form.
Other data, however, such as customers’ addresses, may have also been accessed during the incident. One thing that the firm knows for sure is that users’ emails and their purchase details were, in fact, left exposed, and most likely stolen.
Why is this important?
While this data doesn’t seem like something that hackers could do a lot of damage with, the fact is that it could start a whole new wave of phishing attacks. It is also possible that hackers might try to break into email accounts by using brute force, which is why Barnes & Noble customers are advised to change their passwords, and make them complex and as difficult to guess as they can.
Experts always suggest using password managers for that, as they have the ability to generate random passwords containing letters, numbers, symbols, and more.
Since it is unknown what precisely hackers managed to steal, customers should assume the worst and bring as much extra security to their email and other accounts as possible. As mentioned, it is also possible that hackers managed to get hold of customer addresses, as well as phone numbers.
This could also lead to phone scams further down the road, which is why users should be wary of that, as well.
The attack might have ties to an earlier issue
One thing to note is that the incident came shortly after what was described as a system failure last Monday. Back then, access to Nook content and order processing were affected. However, the company claims that it only became aware of the security breach on October 10th.
Unfortunately, the firm did not mention directly whether these two events were linked in any way.
The company managed to partially restore its systems by Tuesday, although it waited until Wednesday to reveal that something was wrong with Nook, and admit that the service had issues.
Reports also claim that the outage the service suffered managed to spread to physical outlets, as well. Some of the cash registers were disrupted, and unable to function for a brief period.
Initial speculation revolved around the idea that the disruption was caused by malware. After all, it would have to be a pretty major glitch to cause Point-of-Sale (PoS) terminals to malfunction in such a way. But, because the recovery process took longer than expected, the company decided to come clean and admit to suffering a hacking attack.
Waiting for further information
At this point, not many details are publicly known, as the investigation is likely still ongoing. It is entirely possible that simple data theft is not the end of it, and that ransomware or some other kind of malware may be involved, after all.
However, it is all just speculation for now, until the company decides to reveal more about the attack.
For now, Barnes & Noble is contacting its customers via email, notifying them of the incident, and explaining the current situation.