Update Your Barnes & Noble Password Now
In a recent email, Barnes & Noble informed their customers of a hack on October 12th that could have leaked email addresses and other account information.
The hack has affected store systems, reportedly making cash registers unusable for a while, and has also affected Nook apps and devices. Users were unable to browse their collections, download past purchases, or buy new books, and the Nook-related web pages were temporarily unavailable for several days this week. It appears that most of the Nook functionality has been restored by now, but the full severity of the leak is unclear.
In an email, Barnes & Noble confirms that users’ email addresses, shipping and billing addresses, and phone numbers were vulnerable, but found no evidence that this information was stolen. The letter also says the financial data is encrypted and secure – at least that’s what it looks like now.
The company says the worst thing users can expect is receiving unsolicited spam emails or phone calls. However, some users have reported unauthorized account access and purchases in the days since B&N systems were hacked.
While it is possible that the hackers stole and decrypted the password and payment details, it was equally likely that the affected users had poorly secured bank accounts that use the same email address as their Barnes & Noble profile. Hacking an account using credential padding is not difficult, especially if users reuse a password that has been compromised in other leaks and do not have additional account security such as two-factor authentication (2FA) enabled.
In any case, there is a greater risk than the mere spamming and calling that Barnes & Noble offers. Even if only email and phone numbers were found as a result of a hack, they can be used to phish passwords and other security information from unsuspecting victims – which is why your bank says it “never asks for your password.”
Therefore, if you receive an email asking for your account number, credit card information, or password, please do not share it. And don’t click on any links or attachments in emails.
You should also update your Barnes & Noble account with new unique passwords , enable 2FA or other login security options, and start using an encrypted password manager .