

Online retailer Zappos.com is asking its 24 million customers to reset their passwords after a cyberattack, according to a posting on the company's website.
"We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky," says the posting, which was sent out as an e-mail from company CEO Tony Hsieh to Zappos employees on Sunday.
The company said it had expired and reset customers' passwords and would be sending an e-mail with further instructions to all its customers. It also posted password reset instructions on its website.
Zappos said that hackers gained access to customers' names, e-mail addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers, and encrypted passwords.
Full credit card numbers and other payment info were stored on a separate server which was not hacked, the company said.
Because it expects a deluge of phone calls related to the hacking, Zappos said it was temporarily turning off its phones and would answer all inquiries by e-mail.
"If 5% of our customers call, that would be over 1 million phone calls, most of which would not even make it into our phone system in the first place," the company's e-mail to employees said.
"We've spent over 12 years building our reputation, brand, and trust with our customers. It's painful to see us take so many steps back due to a single incident," Hsieh's e-mail said.
The e-mail also went out to customers of Zappos' discount website, 6pm.com.
While large, the hacking attack was not the largest of the past year. In April, Sony's PlayStation Network, with 70 million customers, was hacked, with an "unauthorized person" obtaining users' names, home addresses, e-mail addresses, birth dates and passwords, according to Sony.


Ya know my first thought was, "that's so sad to happen to someone who's just trying to make a living", meaning the company's owner. Second thought was, Hmmm wonder if other *hackings* into businesses were fakes from the company itself for free publicity. Well? It could happen.
Or, it could be aliens from Zork. Can I borrow your tin foil hat?
Don't use logic or you will be called a crazy conspiracy theorist.
Who do you REALLY think creates computer viruses, worms, trojans, etc? Big computer anti-virus corporations. That's how the world works. But the kiddies don't want to accept it.
It could happen, and some people claim any publicity is good publicity. However, what you're suggesting is like a bank faking a vault robbery in order to get more customers. Not gonna happen.
That makes a lot of sense. Invent a cyber attack which may make customers think their personal information including credit card numbers etc. may have been stolen in order to gain free publicity. I've got another idea for free publicity: A restaurant could create a false report with the health department that it is infested with rats which would certainly make the evening news. Business would certainly double if not triple.
Ok, whoa, way off there! Why would I try to eat at a restaurant that "claims" to be infested with rats? A little common sense and elbow grease here, do you really think customers at some clothing manufacturer are going to buy more of their products after a cyberattack, let alone stick with their online accounts? Rather drive over to a Gap store and buy new pants than do something as asinine as that to the point where it's saying, "Hey I am an overly persistent customer at a high profit clothing company! Hack me!"
If that's the case then they went too far cause someone charged $420.00 to my bank card over a week ago and it wasn't me. I had to cancel my card and was able to cancel the order that was being shipped to someone in Murray, Kentucky. I live in Indiana and they had my mailing address and my credit card number!
Someone charged my debit card over $400 to Zappos over a week ago and it wasn't me. Had to wait over a week to get my money back! Also had to cancel my card!
That sucks!
reset your passwords... never mind all the other personal info they obtained.
And you always read "we won't contact you by email"... and yet they are.
The "not contacting by e-mail" is normally used either to mean "we won't solicit you by e-mail" or to try to ensure the customer doesn't respond to hackers attempting to get account access by sending one of the phony "please give us your info again" e-mails. This one was telling the customers about the hacking, and advising them to make sure they reset their passwords. Big difference. And as for Zappos telling customers to reset and/or monitor other info, is it their responsibility to make sure the customer is a big girl (or boy) and takes care of all that? Nope.
THAT SUCKS.. well I guess I'll change it to 7654321...
Hey – That's MY password, you can't use that one!
That was Zappos pw. Don't use it. It's been hacked!
@ Never Assume, Anything can happen in this life. C'mon man give me a break! I only got 2 hats left, go get your d a m n hat. lmao
Rather "your *own* d a m n hat"
Don't blame Zappos, it's not their fault; make it impossible to hack and there will be no hacking. The answer is pretty clear here, things are way too wide open. Internet and anonymity mix like water and oil, they don't. It's time to put a fingerprint to every browsing session.
Be careful what you wish for. This could all be a set up and the next step toward the communist takeover by the wacko leftists in our own US govt in order to protect us from ourselves. I do not want BIG BRO looking everywhere I go for no reason.
Let me assure you, you cannot look over your shoulder every day, even if you feel like something is watching and it really is for good reason. The fact that big brother is watching everyone is derogatory, but true because how do you think we know how many people are currently walking the planet? As for what Mike said about the fingerprinting is an ingenious idea since, like neighbors, you can never know your customers well. A relative of mine once told me that the NRA should recommend arms shops to install fingerprinting devices for background checks and she said the same thing about banks. Maybe if we want to at least quash hacking in the digital system, we can at least try to know who our enemies are before securing one's servers. I doubt that McAfee is even updated enough to battle these evil cybernetic hackers. The last thing this planet needs is cyberterrorism and it is bad enough we have pirates and Al Qaeda on our hands. They already made a movie on cyberterrorism with Bruce Willis in it and trust me, leave out the special effects and unrealistic action, and you have a heck of a chaotic world, if you know what I mean.
Wouldn't make a blind bit of difference. The hacker didn't guess everyone's password – he hit a server which contained all of this information.
I guess the cost of having a secure network isn't worth it for these companies. Couple million in lost sales or state of the art network...hmmm.
Never heard of the company but after reading the story about their nonexistent customer service department (shutting the phones off in anticipation of customer complaints), I definitely wouldn't deal with them in the future.
Apu didn't want to answer questions.
They have already explained all attention is being diverted to emails. Why should they let their phone system crash when inundated with millions of calls? I think email was a really smart way to cover it.
So, let's say 1 million people call in, what are they supposed to do? Customer service doesn't always mean getting on the phone. It means getting things fixed and admitting that they made a mistake. In normal, non-escalated situations their customer service is bar-none. Google Zappos customer service. Read what people say. People love what they do and how they care.
Just answering the phone and sitting on the phone with some idiot who wants to rant about privacy for 2 hours helps no one...so don't pretend you'd be able to do anything better.
I'm interested to hear how you'd handle the situation.
@ Bill, LMAO
Rooney, a quick Google search tells me that Amazon owns Zappos. You really think Amazon can't handle the calls? Just poor service all around, that's all.
How many times have you called Amazon?
Probably by the cyber criminals anonymous who will buy a few pairs of shoes for the poor and use some of the money for themselves along with the identity theft and make believe they did it for a good cause as they do with all their criminal acts.
I think everyone is missing a key point. Cybercrime should be redefined from a "white collar crime" to a "capital offense".
For those opposing, I don't think a capital offense is cruel and unusual punishment when the perpetrator has caused, in many cases, irreparable harm to people (e.g. stealing & selling of social security numbers, credit card numbers, etc.).
Resetting customers' passwords is the LEAST of their concerns.
That's too bad. Zappos has always had the best selection and service on the internet. My dealings with them have actually been a pleasure. I hope this doesn't impact their business.