Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Best Buy Warns Customers of Account Hacking Attempts

After detecting an increase in malicious attempts to access user accounts, the retail giant Best Buy is alerting customers to reset their passwords. However, it appears that the warning is confusing some users.

The letter starts as one would expect; “Dear Valued Best Buy Customer.” From there, the message to customers says that the company is investigating increased attempts from attackers around the globe, who appear to be targeting BestBuy.com and other e-commerce sites.

After detecting an increase in malicious attempts to access user accounts, the retail giant Best Buy is alerting customers to reset their passwords. However, it appears that the warning is confusing some users.

The letter starts as one would expect; “Dear Valued Best Buy Customer.” From there, the message to customers says that the company is investigating increased attempts from attackers around the globe, who appear to be targeting BestBuy.com and other e-commerce sites.

Attackers Hit Best Buy“These hackers did not take username/password combinations from any Best Buy system; they appear to be using combinations taken elsewhere in an attempt to gain access to BestBuy.com accounts,” the letter states.

“Our investigation indicates that your account may have been accessed by these hackers. We are taking action now to help protect your account; we have disabled your current password, and ask that you take a few minutes to reset it.”

The letter was delivered using the company’s mass mailing system, and the links embedded within were not SSL enabled. Thus, some of Best Buy’s more technical clients were skeptical of the message’s sincerity. When asked if the letter was legit, an employee monitoring the corporate Facebook account confirmed the warning.

Some customers said that despite the fact the letter told them their password was reset, they were able to access their accounts using the old credentials. Best Buy had no answers there.

It isn’t clear if there was a breach, or if the letter is complete and the retailer is reacting to an increase in probes and attempts to breach their systems. Either way, customers who have online accounts with Best Buy are being encouraged to change their passwords in order to be on the safe side.

A copy of the warning letter is here.  

Written By

Click to comment

Expert Insights

Related Content

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

T-Mobile disclosed another massive data breach affecting approximately 37 million customer accounts.

Cybercrime

Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by...

Incident Response

A new Mississippi Cyber Unit will be the state’s centralized cybersecurity threat information, mitigation and incident reporting and response center.

Funding/M&A

Thoma Bravo will spend $1.3 billion to acquire Canadian software firm Magnet Forensics, expanding a push into the lucrative cybersecurity business.

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...