Best Buy is reportedly still distributing an email to patrons of its online store, warning that an investigation is currently underway regarding increased attempts by hackers from around the world. The email claims that hackers are trying to access accounts on BestBuy.com and other online retailers’ e-commerce sites, and is signed by Lisa Smith, Vice President of Best Buy Enterprise Customer Care.
"These hackers did not take username/password combinations from any Best Buy system; they appear to be using combinations taken elsewhere in an attempt to gain access to accounts," Smith reports. "Our investigation indicates that your account may have been accessed by these hackers. We are taking action now to help protect your account; we have disabled your current password, and ask that you take a few minutes to reset it."
Yet many customers are left scratching their heads, asking if the email is legit. To reactivate the account, Best Buy customers are instructed to click on a link, establish a new password, and then validate that the new password is indeed correct. This is probably where many consumers are questioning the legitimacy of the email, as this is the tactic used by most email-related malware attacks. Even more, the link isn't SSL encrypted, leading to additional suspicion.
But according to a Facebook response by a Best Buy employee named Marti just last week, the threat and accompanying email is in fact a real deal.
"This was sent out to customers as an alert," Marti responded to a question from a Facebook user regarding the email's legitimacy. "At Best Buy, the privacy of our customers’ information is of utmost importance. We – along with a growing number of other retailers – are seeing increased attempts by hackers around the world to target customer accounts on BestBuy.com and other online retail sites, and compromise the stored user information."
"While this situation is not a result of any breach of Best Buy systems, we are continuously working to take care of our customers, and to request that they take the time now to protect their online information (such as updating their BestBuy.com account passwords, not using the same passwords across different accounts, etc.)," the reply adds."
Best Buy's Facebook page doesn't appear to mention the hacking attempts, yet the comments made by the Best Buy employee are nearly identical to the response provided to queries from The Consumerist back in June. What's troubling is that Best Buy customers are still receiving warning emails, as this particular case was posted by the Facebook user on July 6, thus resulting in Marti's recent response.