Update Your Barnes & Noble Password Right Now

In a recent email, Barnes & Noble informed its customers of a security breach on October 12 that may have exposed email addresses and other account information.

The hack affected store systems, reportedly rendering cash registers unusable for a time, and also affected Nook apps and devices. Users were unable to view their collections, load past purchases, or buy new books, and Nook-related web pages were temporarily inaccessible for a few days this week. Most Nook functionality seems to be restored by now, but the full severity of the leak is unclear.

In the email, Barnes & Noble confirms that user email addresses, shipping and billing addresses, and phone numbers were vulnerable, but says it found no evidence any of this information was stolen. The email also says financial data is encrypted and safe—or at least, that’s how it looks for now.

Screenshot: Brendan Hesse

The company says the worst users should expect is that they may receive unwanted spam emails or phone calls. However, some users have reported unauthorized account access and purchases in the days since B&N systems were compromised.

While it’s possible hackers stole and decrypted password and payment data, it’s equally likely the affected users had poorly secured bank accounts that use the same email address as their Barnes & Noble profile. It’s not hard to break into an account using credential stuffing, especially if users re-use a password that’s been compromised in other leaks and they don’t have extra account security enabled, such as two-factor authentication (2FA).

Either way, there’s more risk than just the spam emails and calls Barnes & Noble suggests. Even if the hack exposed only email and phone numbers, these can be used to phish passwords and other security information from unsuspecting victims—that’s why your bank says it “never asks you for your password.”

So if you get an email asking for your account number, credit card info, or password, don’t provide it. And don’t click on any links or email attachments, either.

You should also update your Barnes & Noble account with new, unique passwords, turn on 2FA or other login security options, and start using an encrypted password manager.
