Online retailer Zappos.com is asking its 24 million customers to reset their passwords after a cyberattack, according to a posting on the company's website.
"We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky," says the posting, which was sent out as an e-mail from company CEO Tony Hsieh to Zappos employees on Sunday.
The company said it had expired and reset customers' passwords and would be sending an e-mail with further instructions to all its customers. It also posted password reset instructions on its website.
Zappos said that hackers gained access to customers' names, e-mail addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers, and encrypted passwords.
Full credit card numbers and other payment info were stored on a separate server which was not hacked, the company said.
Because it expects a deluge of phone calls related to the hacking, Zappos said it was temporarily turning off its phones and would answer all inquiries by e-mail.
"If 5% of our customers call, that would be over 1 million phone calls, most of which would not even make it into our phone system in the first place," the company's e-mail to employees said.
"We've spent over 12 years building our reputation, brand, and trust with our customers. It's painful to see us take so many steps back due to a single incident," Hsieh's e-mail said.
The e-mail also went out to customers of Zappos' discount website, 6pm.com.
While large, the hacking attack was not the largest of the past year. In April, Sony's PlayStation Network, with 70 million customers, was hacked, with an "unauthorized person" obtaining users' names, home addresses, e-mail addresses, birth dates and passwords, according to Sony.
Well, I am surprised people are not cheering on these hackers and thanking them for their wonderful work. I mean after all the people have said about Anonymous and other hacking groups for their job well done against the Government, Federal and State levels, I would expect cheering against the capitalist sector too.
Not all hackers are bad.... or did that go right over your head?
If you seriously cannot see the difference then there is no hope in changing that through explanation.
Is Zappos the hamilton niagara falls cigarette lighter mfgs Zippo, who I believe have a Las Vegas head office running a hacking racket themselves, while they cover with an online shopping network..those are the numbers racketeer rings and the other crime syndicate dealers. some bronx idiot wap was in the hallway here yelling for moe in the stupid new tenant apt of three idiot waps. across from me. larry moe and curly – niagara falls slowly i turn step by step inch by inch, then i ..... ..... ... i forget the rest of that skit on old time t.v. the bronx is a new york borough – he has a bronx italian accent/jewish overtones in it. tny
Uh.. you really shouldn't drink and comment..
No Zappos is not Zippo. No typo errors
say no to drugs
Please do not comment while you are intoxicated.
I never ordered from zappos and got an email. The problem is larger than they are indicating.
This is exactly why I don't want to "set up an account" with every retailer I do business with online. However, most of them force you to do just that. I bought ONE pair of shoes from Zappos, 2 years ago, and now my information may be compromised.
That is one reason why I don't do any banking online, no matter how safe they say their computers are, so take heed. Someone will always hack into them some day.
You do know that your stuff can still be hacked right? Just because you don't do business online does not mean your bank keeps all info on hand written notes in a steel vault.
Ron, even if they did someone could break in to the vault, or intercept the message as it enters/leaves the vault. No one is ever completely safe ever. The sooner people can realize that the sooner they can stop being paranoid over every MINOR breach. I mean seriously, what did the hacker get? Useless login information with now incorrect passwords.
Well isn't that great customer service. Sorry your info was hacked and hey we're turning our phones off so we don't have to deal with it.
Hmmm...the part where they said they would be handling the volume through email discredits your theory. It is quite possible that the email servers can handle much bigger volume than the phone system. Thus instead of having a million incoming calls crashing their phone system leaving them unable to respond to any of the calls they are trying to respond to all of them via email.
They are not responding to emails. They are sending you a copied response when you email them. So yes, they are avoiding their customers. I was charged $420.00 fraudulently on my card for a Zappos order a little over a week ago that I didn't place. When I emailed them today asking why they are not notifying the public that people are actually being charged they sent me a cookie cutter response! Didn't even address my question.
Next time, encrypt your whole bloody database.
Hacking is bad for business, but what is Zappos?
I'm pretty sure a quick search in Google will locate the answer for you. Plus you won't have to rely on a middle man.
That's why I go to brick and mortar stores and pay cash. It is not that inconvenient and a lot easier than trying to get your credit identity back. Long live greenbacks.
Good for you.
Interesting. Zappos gets hacked after being acquired by Amazon. Amazon needs to slow down and put some quality into all the products they are pushing to the cloud. Their extreme agile approach to everything and siloed teams is not working.
I'm not sure we have enough information to lay blame at someone just for acquiring a company. But I realize that the majority of the people prefer to deal in speculation and opinion instead of hard facts.
I never received an email from Zappos alerting me of this cyber attack and telling me to reset my password. Is it safe to reset it on their website ???? They are not answering their phones now.
I didn't get an email either; you don't have to call though, they reset everyone's passwords and now you just have to choose a new password when you get the email from them to do so.
Go to Zappos.com and on the top right hand side of the page there is a link that says "Create a New Password" you'll have to enter your email and they will send you a link to create a new password. Be sure to check your Junk Mail as well if you do not receive the email within a few minutes.
Log in, that would prompt you for a reset password or to resend the email with it.
I never got an email either.
This "we sent email" is a complete lie. Zappos is stonewalling about its lack of stewardship over our info including NOT sending email and NOT answering phones. They simply didn't want to pay the 800 # fees. There's no doubt that they are also NOT replying to the email sent to them – but since it's free it's what they're pointing people at.
You can't even access their website if you're an international customer (Canada) – you get a message saying Zappos is not accepting international traffic at this time. Apparently we don't matter as much now they have our money.
I got the email, they do say that it is safe to go to the site and reset. Just try to log on and it will prompt you on what to do.
I got an email from zappos telling me to reset my password. So, maybe you should check your spam box to see if it was sent there automatically.
At the very least, I'll be getting a whole lot more spam now.
Anonymous strikes again.
Shouldn't they be focused on Rupert Murdoch and not an innocent online retailer?