Barnes & Noble Warns Customers About Data Breach
Famed bookseller says non-financial data was exposed in a new attack.
Barnes & Noble has notified customers that its systems were breached, placing their personal information at risk.
The notification comes on the heels of a "system failure" that led to users of Nook, Barnes and Noble's e-book reader, to lose access to their books and purchases on their mobile devices.
While Barnes & Noble has yet to offer details on the breach, a blog post at Tripwire says that, according to researcher Troy Mursch, Barnes & Noble has been running Pulse Secure VPN servers for months that have not been patched against the critical CVE-2019-11510 vulnerability. In August, ZDnet reported that hundreds of usernames and passwords for Pulse Secure enterprise VPN servers -- including those of Barnes & Noble -- had been posted on Russian Dark Web markets.
No financial or payment information was exposed in the breach, but customer names, email and shipping addresses, and order histories, were. This type of non-financial information is often used by cybercriminals to build compelling text for spear-phishing campaigns.
For more, read here.
About the Author(s)
You May Also Like
Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024Extending Access Management: Securing Access for all Identities, Devices, and Applications
June 4, 2024Assessing Software Supply Chain Risk
June 6, 2024Preventing Attackers From Wandering Through Your Enterprise Infrastructure
June 19, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024