‘Barnes & Noble’ Likely Hit by Client Data Stealing Ransomware

• The large online eBook reading platform in the US was hit by what looks like ransomware.
• The Barnes & Noble service is still down almost five days after the attack happened, while the firm attempts backup restoration.
• It is rumored that the hackers found their way into the corporate network by exploiting a long-fixed bug.

American bookstore chain ‘Barnes & Noble’ has had a cybersecurity incident that looks like a ransomware attack. While the firm operates 627 physical retail stores in fifty US states, they also run an eBook and e-Reader platform called “Nook Digital.”

A couple of days ago, that service was taken down with no official explanation, with users who had bought books and magazines not being able to access their content. When they did manage to access the platform, all they got was an empty library.

B&N Fail. No notice to their customers, no social media announcement, it has been almost 12 hours since I was able to access anything in my library.

Barnes and Noble Nook syncing systems are down https://t.co/L9c81Nowdm via @goodereader

— CHudy (@spotteddogbarn) October 11, 2020

Yesterday, the service sent emails to their Nook customers to acknowledge the service interruption and assure them that a backup restoration process is underway. Until this is completed, the clients will have to be patient since they won’t be able to access the stuff they paid for. When the service is back to normal operational status, all of the affected customers will receive a coupon for the inconvenience.

Restoring from backup servers definitely sounds like something to do after a ransomware attack, but Barnes & Noble hasn’t given any more details about what interrupted their service. However, today, they’ve provided a statement to the media where they mentioned unauthorized and unlawful access to certain corporate systems. This may have exposed customer email addresses, billing details, shipping addresses, telephone numbers, and transaction histories.

Before you panic, Barnes & Noble stated that the clients’ financial information was encrypted and tokenized as a security precaution, so even if the hackers stole them, they wouldn’t have a way to read it. They also said they see no evidence that the data has been exposed anywhere - but this may happen in the future, of course.

Following this disclosure, ‘Bad Packets’ said that in one of their recent scans, Barnes & Noble’s Pulse VPN servers came out vulnerable to CVE-2019-11510. Exploiting this flaw could have led to network account credentials takeover, information access, lateral movement, and more. This is a flaw that has “burned” many firms since August 2019, but somehow, there are still unpatched systems running out there.

Week 19 CVE-2019-11510 Scan Results
• Vulnerable Pulse Secure VPN servers detected: 3,825

Our latest vulnerability scan results are freely available for authorized CERT, CSIRT, and ISAC teams.

Submit request here: https://t.co/vlS08kyQo2#cybersecurity #infosec #threatintel

— Bad Packets by Okta (@bad_packets) January 4, 2020

The Nook service is still down right now, so the bookstore could be dealing with absurd ransom demands. If you are using Nook and still have access to your files, do not reboot your device and do not clear your app’s cache. Finally, you should not try to buy anything new from the online store for the moment. The Barnes & Nobles’ support team has been overwhelmed already, so you should stay calm and be patient.