"We are currently investigating increased attempts by hackers around the world to access accounts on BestBuy.com and other online retailers’ e-commerce sites," it says in the email.
"These hackers did not take username / password combinations from any Best Buy system; they appear to be using combinations taken elsewhere in an attempt to gain access to BestBuy.com accounts."
According to the email, the recipients have had their account accessed by hackers, and Best Buy reacted by disabling the password and asking the users to reset it.
Even though the email looks pretty legitimate, some users have expressed their worry that it might not be. After all, they included a direct link that supposedly takes the user to the password reset page - a technique often used by phishers.
Some of the most savvy users have refrained from following it, choosing instead to access their accounts via the usual login page.
Some of them also apparently managed to get in with the old password, making them doubt the legitimacy of the email. Also, it seems that Best Buy has still not officially acknowledged the problem, which increased the users' suspicions.
Other users followed the link, reset the password, logged in with the new password and preemptively deleted the credit card information contained in the account.
"I do not use the same password across different websites which makes me believe that Best Buy has a larger security breach on their hands compared to what they said," commented one of the users whose account has been breached.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.