Barnes & Noble, the largest bookstore chain in the United States (more than 600 stores in 50 states) and the operator of the Nook Digital e-book platform, has been hacked. Among other things, the attackers may have obtained user data.
Bleeping Computer reports that, starting on October 10, 2020, users began complaining on the official Nook pages on Facebook and Twitter that they could not access their e-book libraries and magazine subscriptions. When they tried to do so on a Nook device or via the web, the library turned out to be empty or a login error was shown on bn.com.
Barnes & Noble representatives soon published a statement on social networks saying that the company had suffered a failure and that everything would shortly work as usual. In a comment given to Fast Company, Barnes & Noble explained that it had a serious network problem and was in the process of restoring data from backups. “Rest assured that no customer payment data was harmed, it is encrypted and tokenized,” the company said.
GoodReader writes that, according to store managers, a virus "penetrated" the Barnes & Noble network, first infecting corporate offices and then reaching stores, where it disrupted cash registers and interfered with the placement of orders.
As a result, on Wednesday evening the company sent its customers a letter, a copy of which Bleeping Computer has in its possession. In this message, Barnes & Noble reported that on October 10, 2020, it was subjected to a cyberattack in which attackers gained access to some corporate systems.
In the letter, Barnes & Noble assures customers that no payment details were disclosed, but the company cannot currently rule out that the hackers gained access to other personal information. The book giant admits that email addresses, billing addresses, shipping addresses, and purchase history have most likely been compromised.
Bleeping Computer reporters note that the attack on Barnes & Noble has all the hallmarks of a ransomware attack. For example, ransomware operators usually attack on weekends, when as few employees as possible are at work to notice what is happening (Barnes & Noble was attacked on a Saturday). The company also stated that it had to restore data from backups, which is another sure sign of a ransomware attack.
Finally, experts at Bad Packets told Bleeping Computer that Barnes & Noble previously had multiple Pulse VPN servers vulnerable to CVE-2019-11510. Recently, this vulnerability has become very popular among cybercriminals, as it allows access to user credentials stored on the device.
The journalists write that if the company really was attacked with ransomware, the data leak is likely to be much larger than Barnes & Noble suggests. The reason is that hackers are increasingly engaging in so-called "double extortion".
Ransomware operators started working under this new scheme back in late 2019. It all started with the operators of the Maze ransomware, who began to publish files they had stolen from the attacked companies if the victims refused to pay. The hackers set up a special website for such "leaks", and soon other groups followed suit, including Sodinokibi, DoppelPaymer, Clop, Sekhmet, Nephilim, Mespinoza and Netwalker, which also began to use stolen data as additional leverage on victims.
Unfortunately, these files often contain personal information about company employees, including their passports, driver's licenses, medical information, and salary data.