Slashdot Mirror


Best Buy Warns of Data Breach (usatoday.com)

Best Buy, along with Delta Air Lines and Sears, says that [24]7.ai, a company that provides the technology backing its chat services, was hacked between September 27 and October 12, potentially jeopardizing the personal payment details of "a number of Best Buy customers." The electronics company said in a statement that "as best we can tell, only a small fraction of our overall online customer population could have been caught up in this... incident whether or not they used the chat function." They will reach out to customers who were impacted.


  1. This is routine by silverkniveshotmail. · · Score: 2

    I'm not surprised or outraged anymore. On the bright side, credit monitoring is basically free for everyone forever.

  2. There is a simple solution by Anonymous Coward · · Score: 1

    For in-store purchase, CASH!!!

    1. Re:There is a simple solution by tlhIngan · · Score: 1

      For in-store purchase, CASH!!!

      Except it wasn't in-store purchases that were hacked. It was online purchases - the chat software was a SaaS package Best Buy, Sears, etc. all used that got hacked.

      It's not about Point of Sale machines being hacked (this time), but how one company whose software is used by lots of other companies got hacked. Closest example would be bad ads being served up, except instead of the site hosting the ad, it was a piece of utility software instead.

  3. Monotonous! by mschaffer · · Score: 2

    Let me know when someone hasn't been breached.
    The real news is that nothing important is being done about it.
    Nobody gets punished. Nothing happens except waiting for the next one.

    1. Re: Monotonous! by ArmoredDragon · · Score: 1

      Hmm...no. I know for a fact that they're going to get fined by PCI. PCI-DSS is in many ways like HIPAA: It gives vague details about how your network and servers should be secured (for example, it says networks should be "segmented" with no clarification at all if VLANs suffice) and basically "do your best". If payment details get leaked, then guess what? You didn't do enough to secure your network, so have a fine.

      Though PCI also has a reputation of being in the business of fining anyone who processes credit cards. If they don't have a reason to fine you, then they might create one by saying you weren't following one of their vague rules, even if there hasn't been a data breach. This is why a lot of businesses prefer to use a company like Square to process the payment data. Best Buy isn't one of those, however, because they store their own credit card data.

  4. Why? by srichard25 · · Score: 2

    Why would technology backing chat need any access to payment information?

    1. Re:Why? by tlhIngan · · Score: 1

      Why would technology backing chat need any access to payment information?

      The problem was the chat software was hacked. So when you try to check out and enter your payment information, that little box that pops up asking if you need support then snarfs the data from the web page.

      Basically, all these companies use a SaaS package from a company who was breached. That breach caused the software used to get the ability to steal information. It's less about Best Buy et al. storing the payment information, and more of a rogue script in a SaaS package they use grabbing the data in flight.

      There's probably way more companies who are going to find out they were customers of [24]7 as well.
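Added example (not part of the thread or of any vendor's code): a defender-side check for the situation the comment above describes, listing every script a checkout page loads from another origin, since each one runs with full access to the page's form fields. The sample page, hostnames and function names are constructed for illustration.

```javascript
// Constructed checkout page: hostnames and markup are illustrative only.
const SAMPLE_PAGE = `
<html><body>
<form id="pay"><input name="card-number"><input name="cvv"></form>
<script src="/static/checkout.js"></script>
<script src="https://cdn.shop.example/lib.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://chat.vendor.example/widget.js"></script>
<script src="//metrics.vendor.example/t.js" async></script>
<script>console.log("inline")</script>
</body></html>`;

// Return every external script on the page that is served from a different
// origin than the page itself, noting whether it is pinned with SRI.
function auditThirdPartyScripts(html, pageUrl) {
  const page = new URL(pageUrl);
  const findings = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = m[1];
    const src = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(attrs);
    if (!src) continue; // inline script: shipped by the page itself
    const raw = src[1] ?? src[2] ?? src[3];
    let url;
    try {
      url = new URL(raw, page); // resolves relative and protocol-relative URLs
    } catch {
      findings.push({ src: raw, origin: null, pinned: false, note: "unparseable src" });
      continue;
    }
    if (url.origin === page.origin) continue; // first-party
    const pinned = /\bintegrity\s*=\s*["']?sha(256|384|512)-/i.test(attrs);
    findings.push({ src: url.href, origin: url.origin, pinned });
  }
  return findings;
}

// Origins whose scripts can change on the vendor's side without the site noticing.
function unpinnedOrigins(html, pageUrl) {
  return [...new Set(auditThirdPartyScripts(html, pageUrl)
    .filter(f => !f.pinned).map(f => f.origin))];
}

console.log(auditThirdPartyScripts(SAMPLE_PAGE, "https://www.shop.example/checkout"));
```

A cross-origin script without an `integrity` attribute runs whatever the vendor's server returns at that moment, which is why the unpinned list is the one to review for pages that collect payment data.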

  5. How to keep your information from being compromise by Hallux-F-Sinister · · Score: 1

    Don't ever tell your personal information to anyone. That's the closest way you can come to protecting it. It's just the reality today, and it's why we can't have nice things. It's too late for me, as everyone on the dark web knows everything about me... I may have to give up all my stuff, and learn how to speak Amish.

    --
    Our reign has gone on long enough. Indeed. Summon the meteors.
  6. Who ya gonna call to clean up a mess like this? by SpzToid · · Score: 1

    Geek Squad!

    The FBI paid Best Buy Geek Squad employees as informants, rewarding them for flagging indecent material when people brought their computers in for repair.

    --
    You can't be ahead of the curve, if you're stuck in a loop.
  7. Re:How to keep your information from being comprom by Ol+Olsoc · · Score: 1

    I may have to give up all my stuff, and learn how to speak Amish.

    It's similar to English Canadian. Now let's get you a name - Caleb has a nice ring.

    But it isn't all bad, if Google searches for "Amish Porn" are any indication.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  8. TRANSLATION by JustAnotherOldGuy · · Score: 1

    "as best we can tell, only a small fraction of our overall online customer population could have been caught up in this... incident"

    Lol, "as best we can tell"

    TRANSLATION: "They got all your data, every bit of it, but we're going to reveal this in a series of press releases in order to desensitize you to the scope of the loss."

    --
    Just cruising through this digital world at 33 1/3 rpm...