Recently, Barnes & Noble had a ransomware attack that disabled access to customers’ books and exposed their email address, phone number, and shipping address.
From TechRepublic:
'Millions of Barnes & Noble customers received a worrying email around 1 am on Thursday morning notifying them that the company suffered from a cyberattack on Oct. 10, which brought down its Nook services and led to the "unauthorized access" to "certain Barnes & Noble corporate systems."'
The attack seems to have centered around the use of VPN. A cybersecurity firm, Bad Packets, also shared even more details with BleepingComputer that indicate the attack may have originated from the CVE-2019-11510 vulnerability, which can be found in the Pulse VPN servers that Barnes & Noble uses.
Jeff Hussey, CEO of Tempered, had this to say about VPN: "Visibility is not security, and VPNs are brittle, 25-year-old technology. They weren't built to scale to the connected world of 2020 and beyond. And using a security approach based on location, instead of identity, is a bad idea. These outdated approaches need to be modernized and recognizing that is the first step."
Huh? VPN is outdated, 25-year-old technology? So maybe we’ll be seeing some new VPN technology now that Barnes & Noble has been hit - no one wants to know that their VPN isn’t really secure.
John R Carter Sr