hacked; 24 million customers affected is asking its 24 million customers to reset their passwords.
January 16th, 2012
07:45 AM ET hacked; 24 million customers affected

Online retailer is asking its 24 million customers to reset their passwords after a cyberattack, according to a posting on the company's website.

"We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky," says the posting, which was sent out as an e-mail from company CEO Tony Hsieh to Zappos employees on Sunday.

The company said it had expired and reset customers' passwords and would be sending an e-mail with further instructions to all its customers. It also posted password reset instructions on its website.

Zappos said that hackers gained access to customers' names, e-mail addresses,  billing and shipping addresses, phone numbers, and the last four digits of credit card numbers and encrypted passwords.

Full credit card numbers and other payment info were stored on a separate server which was not hacked, the company said.

Because it expects a deluge of phone calls related to the hacking, Zappos said it was temporarily turning off its phones and would answer all inquiries by e-mail.

"If 5% of our customers call, that would be over 1 million phone calls, most of which would not even make it into our phone system in the first place," the company's e-mail to employees said.

"We've spent over 12 years building our reputation, brand, and trust with our customers. It's painful to see us take so many steps back due to a single incident," Hsieh's e-mail said..

The e-mail also went out to customers of Zappos discount website, 6pm. com.

While large, the hacking attack was not the largest of the past year. In April, Sony's PlayStation Network, with 70 million customers, was hacked, with an "unauthorized person" obtaining users' names, home addresses, e-mail addresses, birth dates and passwords, according to Sony.

soundoff (268 Responses)
  1. sharky

    Well, I am surprised people are not cheering on these hackers and thanking them for their wonderful work. I mean after all the people have said about Anonymous and other hacking groups for their job well done against the Government, Federal and State levels, I would expect cheering against the capitalist sector too.

    January 16, 2012 at 2:20 pm | Report abuse |
    • Ron

      Not all hackers are bad.... or did that go right over your head?

      January 16, 2012 at 2:54 pm | Report abuse |
    • Jeff S

      If you seriously cannot see the difference then there is no hope in changing that through explanation.

      January 16, 2012 at 3:14 pm | Report abuse |
  2. YounanMarketingAndManagementAssociatesInc, Int'l Intst''r

    Is Zappos the hamilton niagara falls cigarette lighter mfgs Zippo, who i beleive have a las vesgas head office running a hacking racket themselves, while they cover with an online shopping network..those are the numbers racketeer rings and the other crime syndicate dealers. some bronx idiot wap was in the hallway here yelling for moe in the stupid new tenant apt of three idiot waps. across from me. larry moe and curly – niagara falls slowly i turn step by step inch by inch, then i ..... ..... ... i forget the rest of that skit on old time t.v. the bronx is a new york borough – he has a bronx italian accent/jewish overtones in it. tny

    January 16, 2012 at 2:23 pm | Report abuse |
    • Vegashorty


      January 16, 2012 at 2:33 pm | Report abuse |
    • Confused

      Uh.. you really shouldn't drink and comment..

      January 16, 2012 at 2:41 pm | Report abuse |
    • debbie

      No Zappos is not Zippo. No typo errors

      January 16, 2012 at 2:44 pm | Report abuse |
    • Brandon

      say no to drugs

      January 16, 2012 at 2:49 pm | Report abuse |
    • Ralph

      Please do not comment while you are intoxicated.

      January 16, 2012 at 2:51 pm | Report abuse |
  3. Mendoza

    I never ordered from zappos and got an email. The problem is larger than they are indicating.

    January 16, 2012 at 2:29 pm | Report abuse |
  4. Juanita

    This is exactly why I don't want to "set up an account" with every retailer I do business with online. However, most of them force you to do just that. I bought ONE pair of shoes from Zappos, 2 years ago, and now my information may be compromised.

    January 16, 2012 at 2:39 pm | Report abuse |
  5. Bruce

    That is one reason why i don't do any banking on line, no matter how safe they say their computer are, so take heed. Someone will always hack into them some day.

    January 16, 2012 at 2:40 pm | Report abuse |
    • Ron

      You do know that your stuff can still be hacked right? Just because you don't do business online does not mean your bank keeps all info on hand written notes in a steel vault.

      January 16, 2012 at 2:56 pm | Report abuse |
    • Rich G

      Ron, even if they did someone could break in to the vault, or intercept the message as it enters/leaves the vault. No one is ever completely safe ever. The sooner people can realize that the sooner they can stop being paranoid over every MINOR breach. I mean seriously, what did the hacker get? Useless login information with now incorrect passwords.

      January 16, 2012 at 3:10 pm | Report abuse |
  6. RiverLizard

    Well isn't that great customer service. Sorry your info was hacked and hey we're turning our phones off so we don't have to deal with it.

    January 16, 2012 at 2:42 pm | Report abuse |
    • Jeff S

      Hmmm...the part where they said they would be handling the volume through email discredits your theory. It is quite possible that the email servers can handle much bigger volume than the phone system. Thus instead of having a million incoming calls crashing their phone system leaving them unable to respond to any of the calls they are trying to repsond to all of them via email.

      January 16, 2012 at 3:19 pm | Report abuse |
    • Tammi

      They are not responding to emails. They are sending you a copied response when you email them. So yes, they are avoiding their customers. I was charged $420.00 fraudulently on my card for a Zappos order a little over a week ago that I didn't place. When I emailed them today asking why they are not notifying the public that people are actually being charged they sent me a cookie cutter response! Didn't even address my question.

      January 16, 2012 at 3:53 pm | Report abuse |
  7. Jim P.

    Next time, encrypt your whole bloody database.

    January 16, 2012 at 2:44 pm | Report abuse |
  8. mymoonlog


    January 16, 2012 at 2:47 pm | Report abuse |
  9. NamCbtVet

    Hacking is bad for business, but what is Zappos?

    January 16, 2012 at 2:53 pm | Report abuse |
    • Jeff S

      I'm pretty sure a quick search in google will locate the answer for you. Plus you wont have rely on a middle man.

      January 16, 2012 at 3:20 pm | Report abuse |
  10. foxinabox

    hackers suck.

    January 16, 2012 at 3:02 pm | Report abuse |
  11. JoJo

    That's why I go to brick and mortar stores and pay cash. It is not that inconvenient and lot easier than trying to get your credit identiy back. Long live greenbacks.

    January 16, 2012 at 3:04 pm | Report abuse |
    • Jeff S

      Good for you.

      January 16, 2012 at 3:21 pm | Report abuse |
  12. commonsense

    Interesting. Zappos get hacked after being aquired by Amazon. Amazon needs to slow down and put some qualilty into all the products they are pushing to the cloud. Their extrem agile approach to everything and siloed teams is not working.

    January 16, 2012 at 3:06 pm | Report abuse |
    • Jeff S

      I'm not sure we have enough information to lay blame at someone just for acquiring a company. But I realize that the majority of the people prefer to deal in speculation and opinion instead of hard facts.

      January 16, 2012 at 3:22 pm | Report abuse |
  13. J. simon

    I never received an email from Zappo alerting me of this cyber attack and telling me to reset my password. Is it safe to reset it on their website ???? They are not answering their phones now.

    January 16, 2012 at 3:12 pm | Report abuse |
    • LJ

      I didn't get an email either; you don't have to call though, they reset everyone's passwords and now you just have to choose a new password when you get the email from them to do so.

      January 16, 2012 at 3:25 pm | Report abuse |
    • Darius

      Go to and on the top right hand side of the page there is a link that says "Create a New Password" you'll have to enter your email and they will send you a link to create a new password. Be sure to check your Junk Mail as well if you do not receive the email within a few minutes.

      January 16, 2012 at 3:32 pm | Report abuse |
    • JJ

      Log in, that would prompt you for a reset password or to resend the email with it.

      January 16, 2012 at 3:40 pm | Report abuse |
    • CheckYourSpamBox


      January 16, 2012 at 3:47 pm | Report abuse |
    • klamerus

      I never got an email either.

      This "we sent email" is a complete lie. Zappos is stonewalling about it's lack of stewardship over our info including NOT sending email and NOT answering phones. They simply didn't want to pay the 800 # fees. There's no doubt that they are also NOT replying to the email sent to them – but since it's free it's what they're pointing people at.

      January 16, 2012 at 4:45 pm | Report abuse |
    • Philip Webb

      You can't even access their website if you're an international customer (Canada) – you get a message saying Zappos is not accepting international traffic at this time. Apparently we don't matter as much now they have our money.

      January 16, 2012 at 5:02 pm | Report abuse |
    • Rick C.

      I got the email, they do say that it is safe to go to the site and reset. Just try to long on and it will prompt you on what to do.

      January 16, 2012 at 5:14 pm | Report abuse |
    • Michael Hunt

      I got an email from zappos telling me to reset my password. So, maybe you should check your spam box to see if it was sent there automatically.

      January 16, 2012 at 8:09 pm | Report abuse |
  14. Oh, great.

    At the very least, I'll be getting a whole lot more spam now.

    January 16, 2012 at 3:13 pm | Report abuse |
  15. TheScampiCat

    Anonymous strikes again.

    January 16, 2012 at 3:27 pm | Report abuse |
    • Research In Mutton

      Shouldn't they be focused on Rupert Murdoch and not an innocent online retailer?

      January 16, 2012 at 6:05 pm | Report abuse |
1 2 3 4 5 6 7 8 9