CONFERENCE Now Live: CISO Forum Virtual Summit - Join Event In-Progress
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Best Buy Warns Customers of Account Hacking Attempts

After detecting an increase in malicious attempts to access user accounts, the retail giant Best Buy is alerting customers to reset their passwords. However, it appears that the warning is confusing some users.

The letter starts as one would expect; “Dear Valued Best Buy Customer.” From there, the message to customers says that the company is investigating increased attempts from attackers around the globe, who appear to be targeting BestBuy.com and other e-commerce sites.

After detecting an increase in malicious attempts to access user accounts, the retail giant Best Buy is alerting customers to reset their passwords. However, it appears that the warning is confusing some users.

The letter starts as one would expect; “Dear Valued Best Buy Customer.” From there, the message to customers says that the company is investigating increased attempts from attackers around the globe, who appear to be targeting BestBuy.com and other e-commerce sites.

Attackers Hit Best Buy“These hackers did not take username/password combinations from any Best Buy system; they appear to be using combinations taken elsewhere in an attempt to gain access to BestBuy.com accounts,” the letter states.

“Our investigation indicates that your account may have been accessed by these hackers. We are taking action now to help protect your account; we have disabled your current password, and ask that you take a few minutes to reset it.”

The letter was delivered using the company’s mass mailing system, and the links embedded within were not SSL enabled. Thus, some of Best Buy’s more technical clients were skeptical of the message’s sincerity. When asked if the letter was legit, an employee monitoring the corporate Facebook account confirmed the warning.

Some customers said that despite the fact the letter told them their password was reset, they were able to access their accounts using the old credentials. Best Buy had no answers there.

It isn’t clear if there was a breach, or if the letter is complete and the retailer is reacting to an increase in probes and attempts to breach their systems. Either way, customers who have online accounts with Best Buy are being encouraged to change their passwords in order to be on the safe side.

A copy of the warning letter is here.  

Advertisement. Scroll to continue reading.
Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Gant Redmon has joined Trustle as its new Chief Executive Officer and Board Director.

Application security firm Black Duck has appointed Sean Forkan as Chief Revenue Officer.

Jared Bartel has been named CISO at Idaho State University.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.