• Light/Dark
  • Ever wanted an RSS feed of all your favorite gaming news sites? Go check out our new Gaming Headlines feed! Read more about it here.

It looks like Barnes and Noble may have been hit by a cybersecurity attack? (Update: News articles reporting)

Android Sophia

Android Sophia

The Absolute Sword
The Fallen
Oct 25, 2017
6,096
Just received this at my email. Looks like they got email addresses as well as shipping address and telephone numbers. I'm wondering if I was caught in this myself given that I had only given my email in the store once very recently, and I've never shopped on their website.

thunderbird_200n8jlz.png
Click to expand...
Click to shrink...
 
Last edited:
supermatt

supermatt

Member
Oct 25, 2017
369
This is weird. That email reads as very scammy/phishy to me... just a lot of awkwardly phrased sentences, and the logo at the top doesn't match the logo on the official bn.com site or the logo in other emails I've received from them.

That being said, they've definitely had issues over the last few days, so it does appear something is happening. They have this notice posted on their site:
We are continuing to experience a systems failure that is interrupting NOOK content. We are working urgently to get all NOOK services back to full operation. Unfortunately it has taken longer than anticipated, and we sincerely apologize for this inconvenience and frustration. Please be assured that there is no compromise of customer payment details which are encrypted and tokenized. We expect NOOK to be fully operational shortly and will post an update once systems are restored. Thank you for your patience.
Click to expand...
Click to shrink...

And this blog post has some other updates:
goodereader.com

Barnes and Noble Nook syncing systems are down

Barnes and Noble is experiencing an outage on their Nook e-readers and the Nook apps for Android and iOS. The Nook libraries are not syncing or loading purchases, which means you cannot read ebooks, view your purchases or make new purchases. The entire system has crashed and it won't be fixed...
goodereader.com goodereader.com

I received a notification a couple days ago that there were issues syncing Nook content, but I haven't received an email about a breach. Hmm.
 
OP
OP
Android Sophia

Android Sophia

The Absolute Sword
The Fallen
Oct 25, 2017
6,096
supermatt said:
This is weird. That email reads as very scammy/phishy to me... just a lot of awkwardly phrased sentences, and the logo at the top doesn't match the logo on the official bn.com site or the logo in other emails I've received from them.
Click to expand...
Click to shrink...

Yeah, I think you may be right and this is a scam email. I'm gonna go ahead and lock this.

See below, apparently it's real.
 
Last edited:
OP
OP
Android Sophia

Android Sophia

The Absolute Sword
The Fallen
Oct 25, 2017
6,096
Looks like this is real after all, several news sites are reporting on it now. Several others confirmed to me that they also received the email at the same time I did.

www.zdnet.com

Barnes & Noble confirms cyberattack, ransomware group leaks allegedly stolen data

Updated: The bookseller’s security incident also impacted Nook services.
www.zdnet.com www.zdnet.com

www.cnn.com

Barnes & Noble cyberattack exposed customers' personal information | CNN Business

A day after Barnes & Noble solved its Nook outage, the bookstore revealed a far more serious problem: A massive cybersecurity attack breached the company's data, exposing information about customers, including email addresses and other personal information.
www.cnn.com www.cnn.com

www.bleepingcomputer.com

Barnes & Noble hit by cyberattack that exposed customer data

U.S. Bookstore giant Barnes & Noble has disclosed that they were victims of a cyberattack that may have exposed customers' data.
www.bleepingcomputer.com www.bleepingcomputer.com

Thanks gagewood for bringing this to my attention.
 
Last edited:
gagewood

gagewood

Member
Oct 25, 2017
1,206
Thanks for re-opening the thread. :)

It seems unclear at this point if transaction history includes payment info, and whether that would be online or in-store purchases (or both). Either way, hooray I guess for yet another trove of breached data to toss into the endless supply.

Funny thing is that over the past year or more I've been gradually trying to go through all my login credentials and delete old and unneeded accounts. B&N is one I remember had no obvious way to delete it from your settings page like many other sites/retailers. According to justdeleteme.xyz:

r0ENnpP.png


*gives thumbs up to B&N
 
bigstef71

bigstef71

Banned
Jul 5, 2018
1,150
Chicago
They had me change my password just now but had me either answer a security question or send an email so I don't know if they have 2FA.
 
You must log in or register to reply here.