
Warning for Barnes & Noble Shoppers- US

#1
A little story, in case any of you have been shopping at Barnes & Noble.

Barnes & Noble has detected tampering with their pin pad devices in 63 of its stores nationwide.
It is recommending that customers keep track of and be aware of their accounts; also, they may want to change their passwords/pins.

Law enforcement has been notified and is investigating. Also, B&N is doing its own investigation and co-operating with law enforcement.

Source: Business Wire Newsroom

Quotes and info from story @ Barnes & Noble Detects Tampering With PIN Pad Devices at Stores

NEW YORK--(BUSINESS WIRE)--Barnes & Noble (BKS) has detected tampering with PIN pad devices used in 63 of its stores. Upon detecting evidence of tampering, which was limited to one compromised PIN pad in each of the affected stores, Barnes & Noble discontinued use of all PIN pads in its nearly 700 stores nationwide. The company also notified federal law enforcement authorities, and has been supporting a federal government investigation into the matter.
List of stores from above story @ Business Wire

Tampered PIN pads were discovered from stores in the following states: CA, CT, FL, NJ, NY, IL, MA, PA, RI. A complete list of specific stores follows.
Store Address City State Zip
4735 Commons Way Calabasas CA 91302
2470 Tuscany Street Suite 101 Corona CA 92881
2015 Birch Road Suite 700 Chula Vista CA 91915
313 Corte Madera Town Center Corte Madera CA 94925
5604 Bay Street Emeryville CA 94608
810 West Valley Parkway Escondido CA 92025
1315 E. Gladstone Street Glendora CA 91740
5183 Montclair Plaza Lane Montclair CA 91763
894 Marsh St Bldg G San Luis Obispo CA 93401
2615 Vista Way Oceanside CA 92054
72-840 Highway 111 Suite 425 Palm Desert CA 92260
27460 West Lugonia Ave Redlands CA 92374
1150 El Camino Real Space 277 San Bruno CA 94066
10775 Westview Parkway San Diego CA 92126
3600 Stevens Creek Blvd San Jose CA 95117
11 West Hillsdale Blvd. San Mateo CA 94403
9938 Mission Gorge Road Santee CA 92071
40570 Winchester Rd Temecula CA 92591
4820 Telephone Road Ventura CA 93003
1149 S. Main St. Walnut Creek CA 94596
470 Universal Drive North North Haven CT 06473
100 Greyrock Place Suite H009 Stamford CT 06901
60 Isham Road W. Hartford CT 06107
18711 NE Biscayne Blvd Aventura FL 33180
333 N. Congress Avenue Boynton Beach FL 33436
152 Miracle Mile Coral Gables FL 33134
1900 W International Spdway Daytona Beach FL 32114
2051 N. Federal Highway Fort Lauderdale FL 33305
12405 N Kendall Drive Miami FL 33186
11380 Legacy Ave Palm Beach Gardens FL 33410
14572 SW 5th St Suite 10140 Pembroke Pines FL 33027
11820 Pines Blvd Pembroke Pines FL 33026
5701 Sunset Drive Suite 196 S. Miami FL 33143
700 Rosemary Ave Unit #104 West Palm Beach FL 33401
1441 West Webster Avenue Chicago IL 60614
1130 North State Street Chicago IL 60610
5380 Route 14 Crystal Lake IL 60014
20600 North Rand Road Deer Park IL 60010
728 North Waukegan Road Deerfield IL 60015
1630 Sherman Avenue Evanston IL 60201
1468 Springhill Mall Blvd W. Dundee IL 60118
170 Boylston Street Chestnut Hill MA 02467
96 Derby Street Suite 300 Hingham MA 02043
82 Providence Highway East Walpole MA 2032
395 Route 3 East Clifton NJ 07014
55 Parsonage Road Edison NJ 08837
2134 State Highway 35 Holmdel NJ 07733
4831 US Hwy 9 Howell NJ 07731
23-80 Bell Blvd. Bayside NY 11360
176-60 Union Turnpike Fresh Meadows NY 11366
1542 Northern Blvd Manhasset NY 11030
160 E 54th Street (Citicorp) New York NY 10022
2289 Broadway New York NY 10024
33 East 17th Street (Union Square) New York NY 10003
555 Fifth Ave New York NY 10017
2245 Richmond Avenue Staten Island NY 10314
230 Main St White Plains NY 10601
97 Warren Street New York NY 10007
100 West Bridge Street Homestead PA 15120
800 Settlers Ridge Center Drive Pittsburgh PA 15205
1311 West Main Road Middleton RI 02842
371 Putnam Pike Suite 330 Smithfield RI 02917
1350-B Bald Hill Rd Warwick RI 02886
 

Easy Rhino

#2
from the article: "The criminals planted bugs in the tampered PIN pad devices, allowing for the capture of credit card and PIN numbers."
so this was obviously well coordinated across that many States. i wonder how they were able to sneak the bugs into the pin pads...
 
#3
Quote: "so this was obviously well coordinated across that many States. i wonder how they were able to sneak the bugs into the pin pads..."
64 stores were affected AFAIK and it's only an issue if you went to the store itself. Nothing online was affected.
 

Easy Rhino

#4
Quote: "64 stores were affected AFAIK and it's only an issue if you went to the store itself. Nothing online was affected."
i know. but i wonder how they were able to make that kind of coordination. sneaking the bugs into the pin pads could not be easy
 

brandonwh64

#5
#6
Quote: "i know. but i wonder how they were able to make that kind of coordination. sneaking the bugs into the pin pads could not be easy"
I think that's what they said about first-gen electronic voting machines. "Yeah, it's secure... except for this unlocked USB port". :D

Since you can buy one of these pin pads, you have all the time you need to become expertly familiar with it. Devise a way to bug it, practice, train others, etc.
 
#7
You really have to be mindful of your bank account. Lots of these devices are vulnerable, even with the chip and pin system. B&N found it, but how many are still out there not found? It's worse with credit cards that have systems like pay pass. Then someone can just walk by you and scan your wallet.
 
#8
63 stores? Sounds more like an inside job