Best Buy: Hackers are trying to access online customer accounts
10 July, 2012 13:52
Some Best Buy customers had doubts about the authenticity of account security notifications sent by the company via email on Friday.
The email messages were signed by Lisa Smith, Best Buy's vice president of enterprise customer care, and informed recipients that their bestbuy.com passwords had been disabled because their accounts may have been accessed by hackers.
"We are currently investigating increased attempts by hackers around the world to access accounts on BestBuy.com and other online retailers' e-commerce sites," Smith said in the emails. "These hackers did not take username/password combinations from any Best Buy system; they appear to be using combinations taken elsewhere in an attempt to gain access to BestBuy.com accounts."
Affected customers were instructed to click on a link in order to reset their passwords and then validate the personal information stored in their accounts.
Because cybercriminals sometimes use similar instructions to trick users into visiting phishing websites, some Best Buy customers questioned the authenticity of the company's email alerts.
"The links do not begin with http://www.bestbuy.com, nor are the links SSL encrypted, so I am wondering if it is real or not," a user said on the Best Buy community forums. "Is this real or a scam by the hackers?" another customer asked on Facebook.
A Best Buy employee named Marti confirmed via the company's official Facebook account that the email messages are authentic.
"While this situation is not a result of any breach of Best Buy systems, we are continuously working to take care of our customers, and to request that they take the time now to protect their online information (such as updating their BestBuy.com account passwords, not using the same passwords across different accounts, etc.)," Marti said.
Security experts have long warned users against the use of a single password across multiple websites or online services, because it significantly increases the impact of a potential breach of their log-in credentials.
There are free password management applications that can help users create and maintain unique passwords for each of their online accounts. Most of them integrate well with browsers and have auto-complete functionality.