Attempting to Track Down Whoever Hacked My Best Buy Account

best buy account hacked

This morning I was alerted to something strange going on with my online Best Buy account. It turns out, someone got a hold of my account, probably by brute force hacking the terrible password I had used, and ordered 2 computers and an iTunes gift card. After a little sleuthing of my own I have a little more insight into how this asshole tried to cover up his tracks, which he didn’t do very well… which leads me to believe he’s never done this before. So I wanted to make this post in order to warn people, and make them aware of how easily this could happen, and what to look out for.

I wouldn’t know it until this morning, but the weirdness that happened with my email account yesterday has to be connected to all of this. We were out at a street fest in Chicago looking at some classic cars, you can buy a monte carlo lowrider from Zemotor, when my phone went nuts in pocket alerting me to 100 new emails. I get a decent amount of emails, but never 100 at once, so I thought it was kind of strange. What was even stranger was that all of the emails were sent to me from myself and only contained the text “FBI BEAT” followed by some numbers. I didn’t think anything of it at the time, but after deleting all of the emails from my inbox this morning it finally made sense.

best buy account hack gmail inbox
This is what my inbox looked like…

As a shitty attempt to hide the Best Buy Confirmation email that came through my inbox, whoever hacked my account decided to flood my inbox with garbage in hopes that I wouldn’t see the email from Best Buy. I don’t know if he just thought I wouldn’t clear out all this crap in my inbox or that I just wouldn’t notice the confirmation email after I did…. either way it was a terrible attempt at covering his tracks. I used the best live tracker on Tracking System Direct.

Now, I’m hoping he wasn’t even dumber in using his real name and address when he had the stuff shipped to his house (which never made it anyways, since I canceled the order, changed my password, canceled the credit card and had a new one issued). But if he was that stupid, I now had his name and an address: Samuel Alves 6 Crescent St #402, Lawrence, MA 01841… and no, I have no shame in putting this information out there.

best buy account hack confirmation email
Best Buy confirmation email

First lets talk about the address. There’s absolutely no way that this guy has the exact same APT number that I do, so clearly he forgot to remove that when he edited the shipping/billing addresses under my Best Buy account. He also forgot to remove my middle initial from the other account pages so I can’t be sure of that information. As for the house at 6 Crescent St in Lawrence, MA 01841, it’s currently for sale. There are a few pictures of the house on that site, but unfortunately this isn’t CSI and I can’t enhance the license plates on the cars to get a number (not that I could do much with the plate number anyways). My guess is that whoever placed this order found a house that is abandoned and was having the packages sent there so that he could intercept them. And after a little more digging, I’m thinking the name is fake as well. Sam Alves is the name of a contestant from the 4th season of the TV show “The Voice”, so I’m hoping it’s not this kid trying to rip me off.

best buy in store pickup to drop house
Distance between drop house and in-store pickup Best Buy

You will also notice that the first order placed, for the Apple iTunes Gift Card, was different than the other purchases. It looks like that purchase was for in-store pickup and not for a delivery. And not that it really proves anything other than the suspect must live in that area, as the Best Buy location and the house on Crescent Street are only about 30 minutes away from each other. So if I had to guess, I would say this person lives somewhere in between, which would be Lowell, but a search of Sam Alves’ in Lowell doesn’t turn up anything except for a Samuel Alves who commented on singing in the Soulfest Choir there back in 2009… which would steer me back towards our guy from The Voice, which can’t be the guy…  I’m guessing that first order was just to see if it would go through and the guy had no intention of picking up the merchandise. But why would you test purchase an in-store pickup when you know that it sends emails to the account holder telling them when their order will be ready for pick up? Especially when, on other screens, it still had my email and phone number attached to the account. I think the first thing you’d want to do is change that information so that the confirmations don’t go directly to the person your scamming… And no, I don’t think my email was hacked as I use Google’s 2-step verification, since my account was compromised a couple years ago.

There’s not much more I can do at this point, I’ve already alerted Best Buy’s fraud department, changed my password, removed all of the addresses that this guy saved to my account, made sure there were no extra email addresses or phone numbers attached, and had my best buy credit card canceled and a new one issued. I’ve dealt with credit card fraud before through my bank, but never through Best Buy, so hopefully this doesn’t happen again and the fraud department finds some leads, but if anyone out there feels like doing a little sleuthing, go right ahead, just let me know what you find.