Book store giant Barnes & Noble has been notifying clients since October 12, 2020, about a cyber-attack. According to the store, on October 10, 2020, they fell victim to a cyber-attack which resulted in unauthorized access to some of their corporate systems. The company states that client information might have been stolen, but the investigation so far had not concluded that any was affected. Furthermore, the company stated that payment information is kept encrypted and tokenized, and that payment data is not accessible from the systems that were targeted.
Analyst Notes
Up to this point, the company has no evidence that any information was stolen. They began notifying clients as a cautionary procedure and warned that if credentials were stolen from the company, customers should be on the lookout for further attacks. Although it is not confirmed that data was stolen, anyone who had an account from Barnes & Noble should begin the process of changing their password and ensure that the old password was not re-used on any other platforms. People should also be aware of phishing attacks targeting their associated email. Another good practice when making accounts on websites is to see if Multi-Factor Authentication (MFA) is available and set it up when it is. This will help prevent attacks if credentials are stolen until the affected parties get a chance to change their password.
More can be read here: https://www.infosecurity-magazine.com/news/cyberattack-on-major-us-bookseller/
