10-15-2020, 03:06 AM | #1
The Grand Mouse 高貴的老鼠 | Posts: 74,406 | Karma: 318076944 | Join Date: Jul 2007 | Location: Norfolk, England | Device: Kindle Oasis

Barnes & Noble databases hacked

Barnes and Noble have been the victims of a cyber attack where the attackers gained access to some of their databases. This means that the names, email addresses, postal addresses, telephone numbers and purchase history of some or all Barnes & Noble customers have probably been obtained by the attackers. It's unlikely that the attackers have obtained credit card numbers (Barnes & Noble say they have not) but it can't (IMO) be ruled out at this stage.

They have sent out an email to customers:

Dear Barnes & Noble Customer,

It is with the greatest regret we inform you that we were made aware on October 10, 2020 that Barnes & Noble had been the victim of a cybersecurity attack, which resulted in unauthorized and unlawful access to certain Barnes & Noble corporate systems. We write now out of the greatest caution to let you know how this may have exposed some of the information we hold of your personal details.

Firstly, to reassure you, there has been no compromise of payment card or other such financial data. These are encrypted and tokenized and not accessible. The systems impacted, however, did contain your email address and, if supplied by you, your billing and shipping address and telephone number. We currently have no evidence of the exposure of any of this data, but we cannot at this stage rule out the possibility. We give below answers to some frequently asked questions.

We take the security of our IT systems extremely seriously and regret sincerely that this incident has occurred. We know also that it is concerning and inconvenient to receive notices such as this. We greatly appreciate your understanding and thank you for being a Barnes & Noble customer.

Barnes & Noble FAQ

1. Have my payment details been exposed? No, your payment details have not been exposed. Barnes & Noble uses technology that encrypts all credit cards and at no time is there any unencrypted payment information in any Barnes & Noble system.
2. Could a transaction be made without my authorization? No, no financial information was accessible. It is always encrypted and tokenized.
3. Was my email compromised? No. Your email was not compromised as a result of this attack. However, it is possible that your email address was exposed and, as a result, you may receive unsolicited emails.
4. Was any personal information exposed due to the attack? While we do not know if any personal information was exposed as a result of the attack, we do retain in the impacted systems your billing and shipping addresses, your email address and your telephone number if you have supplied these.
5. Do you retain any other information in the impacted systems? Yes, we also retain your transaction history, meaning purchase information related to the books and other products that you have bought from us.
10-15-2020, 06:04 AM | #2
Still reading | Posts: 14,905 | Karma: 110507267 | Join Date: Jun 2017 | Location: Ireland | Device: All 4 Kinds: epub eink, Kindle, android eink, NxtPaper

Reporting here: https://www.theregister.com/2020/10/..._noble_hacked/

I know hackers are clever, but actually ANY company getting hacked has been negligent. Either with staff passwords if internal, training if it's by social engineering (even a free mouse in the post to a senior person with malware, that's real) or poor internet facing security. There is zero excuse. Also past experience shows many companies are slow to admit the extent of hacks.

NEVER use the same password for more than one site. Write them in an address book never stored with the computer. Only store non-financial passwords in your browser password manager. Do not let Amazon, Google, Microsoft etc. store WiFi or site passwords, other than the login you use with them.
10-15-2020, 06:17 AM | #3
Grand Sorcerer | Posts: 11,732 | Karma: 128354696 | Join Date: May 2009 | Location: 26 kly from Sgr A* | Device: T100TA,PW2,PRS-T1,KT,FireHD 8.9,K2, PB360,BeBook One,Axim51v,TC1000

Most hacks just take data quietly. This one crashed the entire system. At last report (Wed Oct 14) the stores were up, Nook wasn't. Five days and counting. The drama went unreported by everybody but Reddit until the fourth day, make of it what you will.

Check the comments here, where a couple of people have reported suspicious activity on their B&N-linked credit cards:
https://the-digital-reader.com/2020/...n-all-of-them/
https://the-digital-reader.com/2020/...aturdays-hack/

Not something any company wants to experience, much less one as troubled as B&N, but their user side response has been...less than desirable?

Edit: With the tech media finally noticing, details are emerging and they're not good. ZDNET is reporting:

Quote:

The Bleeping News report is more of the same except it adds this ominous bit:

Quote:

Quote:

For a retailer, ransomware attacks typically target consumer data rather than doxing employers. BTW, the cited vulnerability was reported back in April 2019, when a patch was issued. 18 months later, their systems remained unpatched.

Last edited by fjtorres; 10-15-2020 at 07:29 AM.
10-15-2020, 08:03 AM | #4
Wizard | Posts: 2,874 | Karma: 10700629 | Join Date: May 2016 | Location: Canada | Device: Onyx Nova
10-15-2020, 08:05 AM | #5
Grand Sorcerer | Posts: 7,196 | Karma: 70314280 | Join Date: Dec 2006 | Location: Atlanta, GA | Device: iPad Pro, iPad mini, Kobo Aura, Amazon paperwhite, Sony PRS-T2

Quote:

Storing passwords in a book just means that anyone with access to that book has access to your passwords. My sister uses your method of handling passwords. Her kids know where the notebook with the passwords is. For some strange reason, she can't keep them from using the wifi after hours. Gee, I wonder why.

It's correct that you shouldn't use the same password for different sites. Past that, most individuals don't need CIA level security. Someone who has physical access to your computer is going to get the data off of it. Unless you are at special risk, letting the browser save the password is fine. They store it encrypted. Storing your passwords in an encrypted document or in a good password app is also fairly safe for most people. Using a good VPN when on a public WiFi is also a good idea.
10-15-2020, 08:59 AM | #6
Grand Sorcerer | Posts: 13,965 | Karma: 243829933 | Join Date: Jan 2014 | Location: Estonia | Device: Kobo Sage & Libra 2

I do use the same passwords for less important sites, where there are no financial data stored and I wouldn't care whether the site got hacked. There are just too many of those to use individual passwords for each. For Amazon, Google, Microsoft, PayPal, Adobe etc. I use unique passwords.

And I actually use the analog method of storing passwords. But then no other person has access to my things, I almost never have any visitors and I keep the password paper somewhat hidden, so an accidental burglar wouldn't find it easy to grab either. Not that I've ever been burglarized.

Last edited by Sirtel; 10-15-2020 at 09:03 AM.
10-15-2020, 09:14 AM | #7
Grand Sorcerer | Posts: 11,732 | Karma: 128354696 | Join Date: May 2009 | Location: 26 kly from Sgr A* | Device: T100TA,PW2,PRS-T1,KT,FireHD 8.9,K2, PB360,BeBook One,Axim51v,TC1000

More common than most people realize. Good IT takes time and money and most non-tech businesses see IT as a cost center. And when companies are financially stressed IT is one of the first things to get whittled to the bone.

Notice how the store cash registers were hit first and BN.COM and Nook are still having "issues" into day six. It's triage. They addressed their big cash flow source first, which is sensible. Not emailing customers by Sunday and telling them the systems were down, being worked on, and that nothing would be lost (even if not totally true), that wasn't anywhere near sensible. This was a case of any news being better than no news, a time for transparency or even reassuring lies. Not silence.

At this point B&N's only asset with consumers is their brand. And they failed to protect it. Even if no books are lost, people didn't know they wouldn't, and as the comments at Nate's site show people are really scared and afraid of losing their books. Major brand damage to a business under stress from all sides, especially the pandemic. Seriously ungood.
10-15-2020, 09:22 AM | #8
Diligent dilettante | Posts: 3,662 | Karma: 52758936 | Join Date: Sep 2019 | Location: in my mind | Device: Kobo Sage; Kobo Libra Colour

I don't have a Nook or use B&N but this did make me glad I followed a suggestion elsewhere here at MR to download all my Kobo purchases and make them truly mine. Not being able to read a book I'd legitimately purchased would be annoying, losing access to all of them would be an outrage.
10-15-2020, 09:28 AM | #9
Grand Sorcerer | Posts: 11,732 | Karma: 128354696 | Join Date: May 2009 | Location: 26 kly from Sgr A* | Device: T100TA,PW2,PRS-T1,KT,FireHD 8.9,K2, PB360,BeBook One,Axim51v,TC1000

Quote:

As is, IT thinking on passwords has been evolving and many are rethinking their user system security policies. Biometrics are filtering down to phones and fairly cheap tablets and PCs. Fingerprint readers and, yes, facial recognition, are replacing passwords as the key authentication systems at the user level, even if PINs and passwords remain as a "security blanket". Even security fobs and keys are coming to PCs.

At the corporate level security fobs, keys, and cards and biometrics are the minimum at most well run places and have been for decades. There's too much compute power out there for even the hardiest password to be trusted for mission critical security.
10-15-2020, 09:49 AM | #10
Wizard | Posts: 2,775 | Karma: 45827761 | Join Date: Sep 2012 | Location: Ohio | Device: iPhone 13 Pro, iPad mini, iPad Pro 12.9", Paperwhite 6.8", Scribe 2022

And as Data wonders...
10-15-2020, 10:01 AM | #11
Diligent dilettante | Posts: 3,662 | Karma: 52758936 | Join Date: Sep 2019 | Location: in my mind | Device: Kobo Sage; Kobo Libra Colour

Bitwarden does ok for me - I doubt there's much about my life that interests Five Eyes enough to bother cracking the 12-25 character passwords it generates for each website I use. Remembering the master passphrase is much easier than trying to decipher the drunken spider's scrawl that would be any handwritten list I might create.
10-15-2020, 10:23 AM | #12
Wizard | Posts: 2,775 | Karma: 45827761 | Join Date: Sep 2012 | Location: Ohio | Device: iPhone 13 Pro, iPad mini, iPad Pro 12.9", Paperwhite 6.8", Scribe 2022

I've started letting Apple set the complex password for most sites. They are shared to all 3 of my iDevices, and their security is better than most. I also don't let most shopping sites save my payment info, unless it's a site I use regularly. We use one credit card for most purchases, and can easily check activity. I don't have our main checking account linked to any shopping sites; we have one account we keep low balances in tied to PayPal. But we prefer the safety of using the credit card, and Apple Pay when out and about.

The company hubby works for is very serious about security. They routinely send out fake phishing emails etc. to their employees, and employees who fall for them have to go through "Online Safety" meetings etc. They aren't a retail company, but do have government contracts etc. They've done even more of these since the lock-down and so many people working from home using their VPN and company computers. At one time you could use a personal computer with their VPN but they stopped that years ago.
10-15-2020, 10:27 AM | #13
Wizard | Posts: 2,215 | Karma: 8888888 | Join Date: Jun 2010 | Device: Kobo Clara HD, Hisence Sero 7 Pro RIP, Nook STR, jetbook lite

Quote:

I also have two-part verification on all email accounts -- yes, I have about five email accounts. When my gmail is accessed from a new IP address or new device I get a notification on two email accounts and all of my android devices.

bernie
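As an added, defender-side illustration of the "new IP address or new device" notifications bernie describes (example code written for this thread, not anything from the forum, Google or any mail provider; the log lines and the baseline rule are constructed assumptions):

```python
"""Added example: flag logins from an IP address or device an account has not
used before, the kind of event behind a "new device / new IP" notification.
Every log line below is constructed sample data, not a real record."""
from collections import defaultdict

# Constructed sample log: timestamp, account, source IP, device identifier.
SAMPLE_LOG = """\
2020-10-10T08:01:00Z alice 203.0.113.5 android-pixel
2020-10-10T18:30:00Z alice 203.0.113.5 android-pixel
2020-10-11T09:12:00Z alice 203.0.113.5 win10-laptop
2020-10-12T02:47:00Z alice 198.51.100.77 android-pixel
2020-10-12T02:48:00Z bob 192.0.2.10 ipad
2020-10-12T02:49:00Z alice 198.51.100.77 unknown-linux
"""

def parse_log(text):
    """Yield (timestamp, account, ip, device) tuples; skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield tuple(parts)

def first_seen_alerts(events):
    """Return one alert per login whose IP or device the account has not used
    before. Assumption: an account's very first login only sets its baseline
    and is not alerted, since everything is new on day one."""
    seen_ips = defaultdict(set)
    seen_devices = defaultdict(set)
    alerts = []
    for ts, account, ip, device in events:
        new_ip = ip not in seen_ips[account]
        new_dev = device not in seen_devices[account]
        has_baseline = bool(seen_ips[account])
        if has_baseline and (new_ip or new_dev):
            reasons = [name for name, flag in (("new-ip", new_ip),
                                               ("new-device", new_dev)) if flag]
            alerts.append((ts, account, ip, device, reasons))
        # Record what we saw so later logins from the same place stay quiet.
        seen_ips[account].add(ip)
        seen_devices[account].add(device)
    return alerts

if __name__ == "__main__":
    for alert in first_seen_alerts(parse_log(SAMPLE_LOG)):
        print(alert)
```

Run on the sample log it raises three alerts, all for alice: a new device, then a new IP, then another new device from that already-seen IP.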
10-15-2020, 10:36 AM | #14
Grand Sorcerer | Posts: 11,732 | Karma: 128354696 | Join Date: May 2009 | Location: 26 kly from Sgr A* | Device: T100TA,PW2,PRS-T1,KT,FireHD 8.9,K2, PB360,BeBook One,Axim51v,TC1000

It isn't paranoia if they're really out to get you.
10-15-2020, 10:47 AM | #15
Diligent dilettante | Posts: 3,662 | Karma: 52758936 | Join Date: Sep 2019 | Location: in my mind | Device: Kobo Sage; Kobo Libra Colour