Modernizing Authentication — What It Takes to Transform Secure Access
Best Buy recently began sending e-mails to customers notifying them that their accounts may have been hacked.
"The email, which went out Friday, says in part: 'We are currently investigating increased attempts by hackers around the world to access accounts on BestBuy.com and other online retailers’ e-commerce sites. These hackers did not take username/password combinations from any Best Buy system; they appear to be using combinations taken elsewhere in an attempt to gain access to BestBuy.com accounts,'" writes MSNBC's Suzanne Choney.
"The email does not say how many Best Buy customers have been affected, nor does it say exactly how the 'combinations' of data might have been acquired," notes Dark Reading's Tim Wilson.
"The Richfield-based electronics chain is reminding customers to regularly change their online information," writes The St. Paul Pioneer Press' Tom Webb. "For customers whose accounts have been illegally accessed, Best Buy said it is working to credit those accounts and is urging the customers to change their passwords."https://o1.qnsr.com/log/p.gif?;n=203;c=204634421;s=15939;x=7936;f=201702151714490;u=j;z=TIMESTAMP;a=20304455;e=i
"Even though the email looks pretty legitimate, some users have expressed their worry that it might not be," writes Help Net Security's Zeljka Zorz. "After all, they included a direct link that supposedly takes the user to the password reset page -- a technique often used by phishers. Some of the most savvy users have refrained from following it, choosing instead to access their accounts via the usual login page. Some of them also apparently managed to get in with the old password, making them doubt the legitimacy of the email."