Barnes & Noble hack exposes customers’ email, purchase history

JC Torres - Oct 14, 2020, 9:55pm CDT

Although the Nook has pretty much disappeared into the background behind the Amazon Kindle, Barnes & Noble remains a well-known name with a fair number of loyal customers. Those customers, however, may now have something to worry about as the bookseller reached out with some disturbing news. It reveals that its corporate systems fell victim to a cybersecurity attack and that the hackers may have gotten away with some important information about B&N’s customers, potentially including their addresses.

To be clear, no financial information or payment details were pilfered during the attack. These are, Barnes & Noble explains, always encrypted and tokenized. It doesn’t, however, discount the possibility that this encrypted data was also stolen, in which case it could still fall prey to attempts to decrypt it.

The company, however, does admit that at least two pieces of customer information were left exposed. Those include users’ emails and their purchase transactions. The latter could perhaps be used to build a profile of customers while the former could be used for phishing attempts. Whether customers’ email accounts themselves will be compromised will depend on how strong the security of their emails is.

Hackers may have also gotten away with billing information, which includes the customer’s shipping address and telephone number if the customer supplied those. While impacted people may not have to worry about their credit cards being used for unauthorized transactions, they will have to be on guard against scams. Needless to say, it might be a good time to change your email’s password and activate two-factor authentication (2FA) if you received B&N’s warning.

This incident follows what the company described as a “system failure” last Monday that affected access to Nook content as well as the processing of orders at retail stores. Barnes & Noble claims that it was made aware of the security intrusion on October 10 but makes no mention of whether the two are in any way related.

