Best Buy has apparently been deactivating some of its users’ accounts and notifying the owners about it via email.
“We are currently investigating increased attempts by hackers around the world to access accounts on BestBuy.com and other online retailers’ e-commerce sites,” it says in the email.
“These hackers did not take username / password combinations from any Best Buy system; they appear to be using combinations taken elsewhere in an attempt to gain access to BestBuy.com accounts.”
According to the email, the recipients have had their account accessed by hackers, and Best Buy reacted by disabling the password and asking the users to reset it.
Even though the email looks pretty legitimate, some users have expressed their worry that it might not be. After all, they included a direct link that supposedly takes the user to the password reset page – a technique often used by phishers.
Some of the most savvy users have refrained from following it, choosing instead to access their accounts via the usual login page.
Some of them also apparently managed to get in with the old password, making them doubt the legitimacy of the email. Also, it seems that Best Buy has still not officially acknowledged the problem, which increased the users’ suspicions.
Other users followed the link, reset the password, logged in with the new password and preemptively deleted the credit card information contained in the account.
“I do not use the same password across different websites which makes me believe that Best Buy has a larger security breach on their hands compared to what they said,” commented one of the users whose account has been breached.