Card readers in Barnes & Noble stores hacked by crooks
Posted on 24 October 2012.
On September 14, Barnes & Noble, the largest book retailer in the United States, turned off the keypads in front of registers in all of its physical stores without offering customers an explanation.

Yesterday, almost a month and a half later, the company revealed the reason behind this step: at least one of the devices in 63 of their stores had been compromised and had been recording card details for crooks to misuse.

The company did not speak up earlier because the Justice Department had advised it to stay mum so as not to interfere with the investigation into the matter led by the FBI, but it has now decided to warn its customers about the breach and the fact that their credit and debit cards might have been debited with fraudulent transactions.

They advise potentially affected customers to change their PINs and review their card statements for unauthorized purchases.

The company has admitted that there have already been some, but that they have been on the decline since September. They also made sure to note that their member database has not been affected, and that card information of customers who shopped through the BarnesandNoble.com website, Nook, and Nook mobile apps has not been compromised.

According to the NYT, customers who wish to pay with their credit and debit cards at the retailer's physical stores are advised to ask booksellers to swipe their credit and signature debit cards through the card readers connected to cash registers until the 7,000 recalled keypads are returned to the stores.

As the investigation is still ongoing, no details about when and how the devices were tampered with have been shared, so theories about it being an inside job or the result of malware installed through employees' clicks on malicious links abound.






Copyright 1998-2014 by Help Net Security.