Continuing [24]7.Ai Data Breach: Best Buy might also be affected

Best Buy among the victims of (24)7.ai data breach

Soon after Delta and Sears data breaches^[1] were officially confirmed, Best Buy has been reported as another company that might have been affected during the (24)7.ai hack. According to experts, the cyber attack against (24)7.ai, a third-party operator of tech-support services, affected a considerable amount of Best Buy customers.^[2]

Best Buy, the leading provider of technology products and services, approved that personal information of a “small fraction” of its customers might also been leaked through the (24)7.ai hack, which has been initiated between September 26, 2017, and October 12, 2017.

The primary data collected by Best Buy and the governmental institutions indicates the fact that hackers managed to collect names, addresses, credit card details. and other personal information. However, the company did not specified the number of potential victims yet. Company's spokesperson reply to the Best Buy data breach^[3] was:

As best we can tell, only a small fraction of our overall online customer population could have been caught up in this [24]7.ai incident, whether or not they used the chat function.

The information hasn't yet been approved. The company says personal details MIGHT have been leaked

(24)7.ai, the company providing 24/7 customer support service for companies including Sears and Delta Holdings,[ref en-14 American Express, AT&T, Citi, eBay, Farmers Insurance and Hilton, revealed access of unauthorized parties to its servers on September 26, 2017. The vulnerability has been patched on October 12, 2017, meaning that hackers had 15 days to collect targeted information.

The company claims that its chat server has been infected with malware, thus exposing personal information, including names, addresses, credit card details, etc. at the risk of exposure.

Nevertheless, none of the companies (Delta, Sears, and Best Buy) officially confirmed that personal information was stolen and was capable identifying the victims. However, to prevent identity theft and money loss that the unsuspecting customers can experience, they urge to check the balance of the credit card details and change credentials as soon as possible.^[4]

Best Buy submitted the website to answer customers' questions

To address people's concern, Best Buy introduced a site explaining the scandal of (24)7.ai breach and providing all information about the incident in one place. The company promises to contact each victim as soon as it, along with governmental institutions, will analyze the issue in details.

We are fully aware that our customers expect their information to be safeguarded and apologize to the extent that did not happen in this case. We will contact any affected customers directly and want to assure them that they will not be liable for fraudulent charges that result from this issue. Additionally, free credit monitoring services will be available if needed.

Blackhats wonder if other (24)7.ai customers haven't been affected

Sears, Delta and Best Buy are just a few companies that are using (24)7.ai customer support services. American Express, AT&T, Citi, eBay, Farmers Insurance and Hilton companies^[5] has established partnership with (24)7.ai long time ago.

Thus, experts wonder if personal details, be it “a small fraction” of customers or big, haven't been leaked. Those who care about cybersecurity are recommended to change the passwords of credit cards if possible and monitor the credit cards carefully. In case of any irregular payment, people are urged to contact the manufacturer of the credit or debit card and ask to suspend it.