Major hacker attack targets library service; users must change PINs

The e-book service Biblio, which serves numerous Swedish libraries, has been subjected to a significant cyberattack. The breach allowed attackers to create an estimated 8,000 new user accounts within a few hours, suggesting they gained access to a substantial amount of loan card data and associated PINs.

“

Approximately 8,000 new accounts were created in a few hours across four different libraries.

Jeppe Nyrup, marketing director at Wedobooks, the provider of Biblio, stated that the attack involved "borrowers" taking out books and immediately returning them until the maximum loan limit was reached, before the next "borrower" began. This pattern was observed across four different libraries initially, and later extended to 78 libraries, affecting older users as well.

“

This indicates that 'someone has access to a large amount of loan card data with associated PIN codes'.

In response, Biblio has temporarily suspended logins that use loan cards or personal identification numbers with a four-digit PIN. Logins via email remain active. Stockholms stadsbibliotek, one of the affected institutions, has taken the precautionary measure of resetting the PINs for all its borrowers. The motive behind the attack remains unclear, with possibilities ranging from disruption to testing system vulnerabilities. Nyrup also noted that the login method using loan cards and PINs is not considered sufficiently secure, and discussions are underway to implement a more robust solution.

“

We don't know where it leaked from.