Barnes & Noble has fallen victim to a cyberattack, which resulted in unauthorized access to company networks and exposure of customer information, the bookstore giant disclosed earlier this week.
The attack also affected the entire NOOK system, and customers still can’t sync recent purchases to their e-readers or access e-book content on their devices.
The systems outage began on October 10, and customers quickly turned to social media platforms inquiring about the sudden disappearance of their NOOK library.
“Hey, what gives? My app updated and now the 3 books I paid for have still not come in for days, there’s no updated info on the website,” one customer said in a tweet.
Unfortunately, NOOK servers are still down, and the bookseller has yet to say when the issue will be fixed.
“We are continuing to experience a systems failure that is interrupting NOOK content,” reads an alert posted by the company. “We are working urgently to get all NOOK services back to full operation.”
The attack did more than cripple Barns & Noble corporate network. According to a notice sent to customers, the security incident may have exposed email addresses, billing, shipping information and telephone numbers of shoppers.
“Firstly, to reassure you, there has been no compromise of payment card or other such financial data,” the email reads. “These are encrypted and tokenized and not accessible. The systems impacted, however, did contain your email address and, if supplied by you, your billing and shipping address and telephone number.”
Although there is not enough evidence to suggest data exfiltration at this time, the possibility cannot be ruled out. If confirmed, the attackers could have also viewed customer transaction history, such as purchase information related to products purchased from Barnes & Noble online store.
Until further notice, shoppers are advised to look out for any unsolicited emails. Despite these drawbacks, the company expects that NOOK will soon be fully operational once their systems are back online.
“We expect NOOK to be fully operational shortly and will post an update once systems are restored. Thank you for your patience,” reads the latest update from October 14.
*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Alina Bizga. Read the original post at: https://hotforsecurity.bitdefender.com/blog/barnes-noble-cyberattack-may-have-exposed-personal-information-of-shoppers-24322.html