- 12 iPhones Apps That Will Make You a Networking Star
- 10 Careers Robots Are Taking From You
- Big Data Gold Isn't Always Where You Would Expect It
- 6 Tips to Build Your Social Media Strategy
IDG News Service - Some Best Buy customers had doubts about the authenticity of account security notifications sent by the company via email on Friday.
The email messages were signed by Lisa Smith, Best Buy's vice president of enterprise customer care, and informed recipients that their bestbuy.com passwords had been disabled because their accounts may have been accessed by hackers.
BRUCE SCHNEIER: The Internet has created 'the largest trust gap' in history
"We are currently investigating increased attempts by hackers around the world to access accounts on BestBuy.com and other online retailers' e-commerce sites," Smith said in the emails. "These hackers did not take username/password combinations from any Best Buy system; they appear to be using combinations taken elsewhere in an attempt to gain access to BestBuy.com accounts."
Affected customers were instructed to click on a link in order to reset their passwords and then validate the personal information stored in their accounts.
Because cybercriminals sometimes use similar instructions to trick users into visiting phishing websites, some Best Buy customers questioned the authenticity of the company's email alerts.
"The links do not begin with http://www.bestbuy.com, nor are the links SSL encrypted, so I am wondering if it is real or not," a user said on the Best Buy community forums. "Is this real or a scam by the hackers?" another customer asked on Facebook.
A Best Buy employee named Marti confirmed that the email messages are authentic via the company's official Facebook account.
"While this situation is not a result of any breach of Best Buy systems, we are continuously working to take care of our customers, and to request that they take the time now to protect their online information (such as updating their BestBuy.com account passwords, not using the same passwords across different accounts, etc.)," Marti said.
Security experts have long warned users against the use of a single password across multiple websites or online services, because it significantly increases the impact of a potential breach of their log-in credentials.
There are free password management applications that can help users create and maintain unique passwords for each of their online accounts. Most of them integrate well with browsers and have auto-complete functionality.