Barnes & Noble has notified customers that its systems were breached, placing their personal information at risk.
The notification comes on the heels of a "system failure" that led to users of Nook, Barnes and Noble's e-book reader, to lose access to their books and purchases on their mobile devices.
While Barnes & Noble has yet to offer details on the breach, a blog post at Tripwire says that, according to researcher Troy Mursch, Barnes & Noble has been running Pulse Secure VPN servers for months that have not been patched against the critical CVE-2019-11510 vulnerability. In August, ZDnet reported that hundreds of usernames and passwords for Pulse Secure enterprise VPN servers -- including those of Barnes & Noble -- had been posted on Russian Dark Web markets.
No financial or payment information was exposed in the breach, but customer names, email and shipping addresses, and order histories, were. This type of non-financial information is often used by cybercriminals to build compelling text for spear-phishing campaigns.
For more, read here.