Barnes & Noble Inc. is an American bookseller with the largest number of retail outlets in over 50 states. The company operates Nook Digital, the division that deals with eBooks and the e-Reader platform.
Last weekend, several consumers complained on Nook’s Facebook page that they could not access their purchased eBooks and magazine subscriptions. Barnes & Noble’s Nook posted a series of messages across its social media accounts, blaming a system failure for the problems and assuring customers that it was working to restore operations from its server backups.
The messages assured customers that their payment information and financial data had not been compromised. In a statement to Fast Company, Barnes & Noble said, “We have a serious network issue and are in the process of restoring our server backups. Our systems are back online in our stores and on BN.com, and we are investigating the cause. Please be assured that there is no compromise of customer payment details, which are encrypted and tokenized.”
However, in a series of updates, GoodReader revealed that store managers had reported the presence of a virus in the Barnes & Noble network. “Various Barnes & Noble Store managers have contacted me and stated that there is a virus in their networks. It initially came down from the corporate and filtered down to the stores and also affected the Nook. Cash registers, in physical bookstores, are attached to the same network, so no orders can be placed or processed,” states GoodReader. “Some people in the comment section said some of their Nook accounts have been compromised and their credit cards are being used by third parties. The Nook Cloud continues to be down, you can’t sync or access it on the Nook e-reader or the Nook apps, so you can’t see any of the purchases you might have made in the past week.”
BleepingComputer confirmed the cyberattack. The company’s networks were hit by a cyberattack on 10 October 2020. They said the source was probably an email sent to customers late Wednesday night. Opening that email allowed the hackers to gain access to the company servers. Having compromised the Barnes & Noble network, the threat actors gained access to its corporate systems.
Barnes & Noble has apologized to its customers via email: “It is with the greatest regret we inform you that we were made aware on October 10, 2020, that Barnes & Noble had been the victim of a cybersecurity attack, which resulted in unauthorized and unlawful access to certain Barnes & Noble corporate systems.”
The company has cautioned customers about the hack and said that the hackers have access to customers’ email addresses, billing addresses, shipping addresses, and purchase history. It has not disclosed many details about the attack, such as the family of malware involved. However, judging by the information provided, it can be concluded that the company was attacked by ransomware. Depending on the family of ransomware that allegedly infected the company’s systems, we cannot exclude the possibility that the ransomware operators will publish stolen data on a leak site to threaten Barnes & Noble.