Online retailer Zappos.com hit by hackers
Tuesday, January 17, 2012
, one of the largest online retailers of shoes and apparel, disclosed Sunday that it was hit by a . The attack compromised as many as 24 million accounts. Personal data may have been taken, but numbers are encrypted and thus cannot be stolen.
Information that may have been compromised includes customers shipping addresses, phone numbers, email addresses, account passwords and the last four digits of any credit card used. Though credit card numbers are encrypted by the, other personal information is often not. This is common practice among websites.
|... there's no one fighting for the individual consumer whose e-mail address falls into the possession of hackers.
Todd Feinman of Identity Finder told, "Visa and MasterCard fight to protect credit card numbers, but there's no one fighting for the individual consumer whose e-mail address falls into the possession of hackers."
Zappos.com required its users change their account passwords. It notified users of the required change and updated on the situation through an email. They also advised users to change their password on other websites if it is similar to the one used on Zappos.
In a blogpost, Zappos CEO Tony Hsieh said "We've spent over 12 years building our reputation, brand, and trust with our customers. It's painful to see us take so many steps back due to a single incident. I suppose the one saving grace is that the database that stores our customers' critical credit card and other payment data was not affected or accessed."
- Byron Acohido. "Hackers swipe Zappos data; customers should change password" — , January 16, 2012
- Tony Bradley. "Zappos Hacked: What You Need to Know" — , January 16, 2012
- Tony Hsieh. "Security email" — , January 16, 2012