Best Buy Warns Users of Account Hacking Attempts, Advises Password Reset


Looks like the retail giant Best Buy has detected some malicious attempts to access its customer accounts, which is why it has issued a warning to its customers advising them to change their account passwords immediately. Best Buy issued the warning letter via its mass mail system to advise its customers, but somehow it left the users in a confused state.

Here’s an extract from the letter:

“Dear Valued Best Buy Customer,
The company is investigating increased attempts from attackers around the globe, who appear to be targeting and other e-commerce sites. These hackers did not take username/password combinations from any Best Buy system; they appear to be using combinations taken elsewhere in an attempt to gain access to accounts,” the letter states. Our investigation indicates that your account may have been accessed by these hackers. We are taking action now to help protect your account; we have disabled your current password, and ask that you take a few minutes to reset it.”

What is quite confusing is that when some Best Buy customers said they were able to access their accounts using the old credentials, the company had no answers there. So, is it really a security breach or the Best Buy is just taking some security measures to avoid any breach?

Anyways, this is not the first time that Best Buy has faced the hacking attempt. Back in April 2011, a data breach at Epsilon exposed the email addresses and names (email addresses only, not passwords) of customers from several large companies, including Best Buy. The unauthorized entry into Epsilon’s email system prompted Best Buy to distribute warning and information emails, putting out public statements regarding the possibility that their customers’ email addresses may have been stolen.

Data breach and hacking has become quite prominent these days; not a day passes when we do not hear about any such news. The most recent is the Formspring, which disabled all their users’ passwords two days back, because of a security breach. They advised their users to change their passwords immediately, urged not to put their email address, address or phone number in their Formspring profile, and log off their accounts after using public or shared computers. Just yesterday, the company announced that the breach was resolved.

It’s good that Formspring discovered the attack so early, as we have seen the circumstances when companies discover the outage and attacks after a long time. One such incidence is of Cryptic Studios, which discovered in April this year that their systems were hacked back in December 2010! The company also issued a statement that enlightens readers that they discovered the hack from almost a year and a half ago due to heightened security audits.

Besides, we heard about hacked Steam’s forum last year, that suddenly went down for maintenance while the forum members who were online at the time of hack stated receiving spam mails. Later, Steam also made an announcement about the hack that affected their service in November 2011, where Gabe Newell, CEO of Steam, told users that while hackers had not accessed Steam passwords, they did get personal and financial information from a backup database. Grab the detailed statement issued by the Steam here.