Best Buy: Hackers are trying to access online customer accounts

Some customers questioned the authenticity of email security alerts received from Best Buy

Lucian Constantin (IDG News Service)
10 July, 2012 13:52
Comments

Some Best Buy customers had doubts about the authenticity of account security notifications sent by the company via email on Friday.

The email messages were signed by Lisa Smith, Best Buy's vice president of enterprise customer care, and informed recipients that their bestbuy.com passwords had been disabled because their accounts may have been accessed by hackers.

"We are currently investigating increased attempts by hackers around the world to access accounts on BestBuy.com and other online retailers' e-commerce sites," Smith said in the emails. "These hackers did not take username/password combinations from any Best Buy system; they appear to be using combinations taken elsewhere in an attempt to gain access to BestBuy.com accounts."

Affected customers were instructed to click on a link in order to reset their passwords and then validate the personal information stored in their accounts.

Because cybercriminals sometimes use similar instructions to trick users into visiting phishing websites, some Best Buy customers questioned the authenticity of the company's email alerts.

"The links do not begin with http://www.bestbuy.com, nor are the links SSL encrypted, so I am wondering if it is real or not," a user said on the Best Buy community forums. "Is this real or a scam by the hackers?" another customer asked on Facebook.

A Best Buy employee named Marti confirmed that the email messages are authentic via the company's official Facebook account.

"While this situation is not a result of any breach of Best Buy systems, we are continuously working to take care of our customers, and to request that they take the time now to protect their online information (such as updating their BestBuy.com account passwords, not using the same passwords across different accounts, etc.)," Marti said.

Security experts have long warned users against the use of a single password across multiple websites or online services, because it significantly increases the impact of a potential breach of their log-in credentials.

There are free password management applications that can help users create and maintain unique passwords for each of their online accounts. Most of them integrate well with browsers and have auto-complete functionality.

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email ARN
Follow ARN on twitter

Comments are now closed.

Share
Share this article1
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Whitepapers

Modernizing Security for the Small and Mid-Sized Business – Recommendations for 2013 (Sponsored by McAfee)

As small and mid-sized businesses (SMBs) take advantage of the compelling benefits of the transformations in their IT computing infrastructure they should also re-think how they deal with the corresponding vulnerabilities, threats and risks. Specifically, email security, web security and secure file sharing should be considered foundational security capabilities for every small and mid-sized business, in addition to anti-virus and firewalls.

Most Commented

ARN Distributor Directory

Find distributors by name | vendor | location

Channel Deals

ACA Pacific

Quantum Alliance Program Offers! Latest Quantum Alliance Sales Reward Offers.

More details »

ARN Vendor Directory

Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Latest Jobs