Barnes & Noble, the popular bookseller, recently suffered a major hack, affecting its website, Nook devices, and exposing customers’ personal details.
Since October 10th, B&N customers have been reporting issues with accessing books and titles on the company’s website and via its Nook, Barnes & Nobles e-reader tablet.
Soon after, B&N stated that they were suffering a systems failure regarding the Nook platform. However, they hadn’t mentioned any kind of attack or hack as being the cause of the problems until days later, with an email.
The email stated that they suffered an attack on October 10th and that unauthorized parties were able to access B&N’s data. In a FAQ, they stated that exposed information included email addresses, shipping and billing information, telephone numbers, and transaction data. No payment or credit card information was exposed as its kept by B&N in an encrypted state.
Based on the details of the attack, security researchers are speculating that B&N might have suffered a ransomware attack, which could have exposed much more data than initially reported, including employee information. However, Barnes & Nobles has, at the time of this writing, not addressed whether the attack was due to ransomware or not.
When faced with data breaches or hacks such as these, you should know that your email address has probably leaked and is now in the hands of hackers. How or if that information will be used is yet to be seen—you may be added to a spam list or someone might make a more targeted attack. You should also be wary of additional emails that are impersonating B&N—these kinds of phishing emails often take advantage of known hacks and try to get victims to click on a malicious link or download some kind of malware.
If you want to prevent your data from leaking in the first place, consider using alternative email addresses, using this gmail trick, and/or lying when asked for personal details. While it may not always be possible when purchasing physical products, you don’t always have to give up your name and address if you’re, for example, subscribing to a service.
To learn more about the Barnes & Noble attack, visit Bleeping Computer here.