Thieves stole credit and debit card PINs from thousands of Barnes & Noble customers, not by breaking into the company's website, but by hacking the keypads sitting right on their store counters. The FBI is reportedly investigating claims that keypads where customers swipe their cards and enter their own personal ID numbers were compromised at 63 stores, putting everyone who used the machines at risk.
The security issue was first reported by Michael Schmidt and Nicole Perlroth of The New York Times. They also published a list of the stores that were affected. If you shopped at any of them, even as recently as September 14, you should probably talk to your banks.
Neither the Justice Department nor the company formally announced the breach, but Barnes & Noble did remove all of the keypads from all of its stores and currently has no plans to return them. They also notified the credit card companies that their customers' accounts may be unsecure. Anonymous Barnes & Noble officials say they didn't notify the public because the government asked them not to and the law doesn't require it. People who shopped online or bought books directly through their Nooks were not affected. A security expert tells the Times that the attack is very sophisticated and "involves many different phases of reconnaissance and multiple levels of exploitation." We wonder if the criminals read about it in a book.
This article is from the archive of our partner The Wire.