Best Buy warning users of account compromise?
Posted on 10 July 2012.
Best Buy has apparently been deactivating some of its users' accounts and notifying the owners about it via email.

"We are currently investigating increased attempts by hackers around the world to access accounts on and other online retailersí e-commerce sites," it says in the email.

"These hackers did not take username / password combinations from any Best Buy system; they appear to be using combinations taken elsewhere in an attempt to gain access to accounts."

According to the email, the recipients have had their account accessed by hackers, and Best Buy reacted by disabling the password and asking the users to reset it.

Even though the email looks pretty legitimate, some users have expressed their worry that it might not be. After all, they included a direct link that supposedly takes the user to the password reset page - a technique often used by phishers.

Some of the most savvy users have refrained from following it, choosing instead to access their accounts via the usual login page.

Some of them also apparently managed to get in with the old password, making them doubt the legitimacy of the email. Also, it seems that Best Buy has still not officially acknowledged the problem, which increased the users' suspicions.

Other users followed the link, reset the password, logged in with the new password and preemptively deleted the credit card information contained in the account.

"I do not use the same password across different websites which makes me believe that Best Buy has a larger security breach on their hands compared to what they said," commented one of the users whose account has been breached.


10 practical security tips for DevOps

By working with the DevOps team, you can ensure that the production environment is more predictable, auditable and more secure than before. The key is to integrate your security requirements into the DevOps pipeline.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Mar 31st