Best Buy: Hacker Attacks Are Increasing For Online Retailers

Several weeks ago, we told you how several Best Buy customers were complaining that someone out there was attempting to make bogus, phantom purchases through their BestBuy.com accounts. We wondered at the time if the retailer’s site had been a possible victim of someone cracking into its customer database, but Best Buy says these unfortunate incidents are the result of ramped-up efforts by scammers against BestBuy.com and other websites.

“We — along with a growing number of other retailers — are seeing increased attempts by hackers around the world to target customer accounts on BestBuy.com and other online retail sites, and compromise the stored user information,” a company rep tells Consumerist.

The company says that its user accounts — user names, passwords, other stored information — have not been compromised and that the scammers “appear to be using combinations taken elsewhere in an attempt to gain access to BestBuy.com accounts.”

As you know, any number of sites have had their user databases hacked, thus giving scammers access to user names and passwords that people might have used on other sites. And if you’re going to test a login and maybe make an illegal purchase, an electronics retailer seems like a good target.

“We are working to take care of our customers affected by these attacks,” adds the rep, “crediting their accounts for any unauthorized purchases, and requesting that they take the time now to protect their online information (such as updating their BestBuy.com account passwords, not using the same passwords across different accounts, etc.).”

Best Buy customers with immediate questions or concerns can call 1-888-BESTBUY.

In general, you should never use the same user name/password combination for multiple sites. Once someone has that info for one site, it’s incredibly easy for them to run a script that attempts that ID/password combo at numerous sites, hoping to hit just a few.

Comments

Edit Your Comment

  1. Cat says:

    Best Buy: “Hacker Attacks Are Increasing For Online Retailers, But Mostly For Best Buy, Because Hackers Also Hate Us.”

  2. Blueskylaw says:

    This sounds like natural selection doing its finest work.

  3. who? says:

    I do website security for a living. There’s absolutely no shortage of work out there.

    That said, the one biggest thing you can do to protect yourself is to use a different password on each site. If your account on the foot fetish website gets hacked, it isn’t a big deal. Unless you’re using the same username/password combo for your Zappos account.

    It’s just an example, but you get the idea.

    • cowboyesfan says:

      The better thing is to use a different email for each site.

      • who? says:

        That works too. The main thing is if hackers get a list of usernames and passwords, you don’t want someone to be able to go to another site and use the username and password combination that they get.

        If you haven’t done it already, sign up for google’s two-factor authentication. It’s slightly painful to use, but gmail passwords are the holy grail in the criminal hacker world, and anything you can do to protect your gmail account is worth the trouble.

  4. ferozadh says:

    Don’t worry the Geek Squad will help you defend against hacking attempts on your precious Best Buy account info. Oh what’s this? A Best Buy Costumer Servay from BestBuyIncLtd@Hotmail.com? $10 gift sertificate! gimme gimme

  5. Invader Zim says:

    Wonder if the combinations came from linkedin?

  6. Important Business Man (Formerly Will Print T-shirts For Food) says:

    Something tells me that there are more to these hacker stories. Have you ever seen that episode of Boondocks where the Wunclers were robbing houses just to beef up the demand for home security? Yeah, the Wuncler family owns the major brand home security in the show.

    • Invader Zim says:

      I remember a local auto glass replacement company that got busted breaking car windows.

  7. makingcentsofit says:

    My account was hacked today. I just spend the last three hours on the phone with BestBuy.com, the Best Buy bank (it was a Best Buy credit card on my account), and the police. Scariest part was they made it seem like this was rare and that they would “investigate” if I filed a police report first.

    I already changed my passwords but I think I’m going to cancel the card too. It’s not worth it to have when they don’t offer many incentives to use it over my AMEX and Visa.

    • makingcentsofit says:

      Just an additional comment to my last comment, I follow your site’s RSS feed and always laugh at the Best Buy articles yet I still fell victim. I thought it was a fishing email at first when I saw the email. But I went to bestbuy.com to check just in case and that’s why I saw a purchase had actually been made.

      The amount of run around I was getting from the Best Buy people, they don’t seem as helpful as the rep you spoke with for this article.

    • makingcentsofit says:

      My issue just got even more pathetic. Today I got a generic form email from them stating “Our investigation indicates that your account may have been accessed by these hackers. We are taking action now to help protect your account; we have disabled your current password, and ask that you take a few minutes to reset it. ”

      Nice form letter, they still refuse to refund the purchase. I did go to the police and file a police report about the fraud but I think I’m out the money.

    • makingcentsofit says:

      It get’s even better. They’re still “investigating” but today I got an email claiming my account was hacked and they’ve frozen it pending my verification of identity.

      Oh, and I filed a police report about the fraud and am waiting to hear back from the police.

  8. Latentius says:

    I don’t have any information on the online accounts, but there sure have been a ton of people coming into the store in the past couple weeks who received bogus emails/texts claiming they received a $200 (or some amount) gift card.

    If you don’t have a Best Buy account, it would be pretty easy to spot this as a fake, but if you do have one, and you’re not very internet-savvy, I can easily see a number of people clicking a link inside such an email, trying to get the free gift card, and potentially handing their login information over to a phishing attack. Not sure if that’s linked to this, though, because the victims should remember such an out-of-the-ordinary event.

  9. alexwade says:

    Here are a few tips I use:

    * Use the PwdHash add-on for FireFox or Chrome. It makes your password unique for each site. The only websites I don’t use PwdHash are for websites that use external devices, such as Pandora radio.
    * I have a password-protected Excel spreadsheet with a different password than I use for anything else. This Excel spreadsheet stores the security question answers for websites with each security question being a bogus answer. Since I have Windows 7 Ultimate, this file is also encrypted using Windows, meaning is my Windows password is hacked the file is useless. Most people don’t have Windows XP/Vista/7 Ultimate or Professional.
    * Using PwdHash or not, my passwords cannot be guessed by knowing anything about my life. No dog names, no family names, nothing from my past.
    * For password where I can’t use PwdHash, I like to use characters in the password, such as ~ ! @ # $ % ^ and so on.
    * I also don’t let websites store my credit card information, if possible.

  10. MissingNumber says:

    Almost forgot it was Monday.

  11. aleck says:

    Two things that are easy to do and cover a lot of situations like that:
    - never store a credit card at a site, unless you buy a crapload of stuff there
    - never use real credit card numbers online. Get a card that provides virtual numbers (citi, discover) and use it

    It is a bit more work, but I never sweat when reading “Hackers broke into … website”. They can get into my BestBuy account any day.

  12. incident_man says:

    People actually buy stuff from Worst Buy’s website? They don’t feel masochistic enough by walking into their stores?