Online retailer Zappos.com is asking its 24 million customers to reset their passwords after a cyberattack, according to a posting on the company's website.
"We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky," says the posting, which was sent out as an e-mail from company CEO Tony Hsieh to Zappos employees on Sunday.
The company said it had expired and reset customers' passwords and would be sending an e-mail with further instructions to all its customers. It also posted password reset instructions on its website.
Zappos said that hackers gained access to customers' names, e-mail addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers, and encrypted passwords.
Full credit card numbers and other payment info were stored on a separate server which was not hacked, the company said.
Because it expects a deluge of phone calls related to the hacking, Zappos said it was temporarily turning off its phones and would answer all inquiries by e-mail.
"If 5% of our customers call, that would be over 1 million phone calls, most of which would not even make it into our phone system in the first place," the company's e-mail to employees said.
"We've spent over 12 years building our reputation, brand, and trust with our customers. It's painful to see us take so many steps back due to a single incident," Hsieh's e-mail said.
The e-mail also went out to customers of Zappos' discount website, 6pm.com.
While large, the hacking attack was not the largest of the past year. In April, Sony's PlayStation Network, with 70 million customers, was hacked, with an "unauthorized person" obtaining users' names, home addresses, e-mail addresses, birth dates and passwords, according to Sony.
Um, I'm sure someone pointed this out to them, but if encrypted passwords have been exposed then there is no way that credit card information is protected since the only thing between me and retrieving my credit card information on their site is my password.
If you use that ZAPPOS password on any other sites, you need to change it there as well! Many people use the same password across multiple sites. Bad practice, but it is what it is. So go change them!
Credit Card numbers are not exposed in the customer account section on Zappos, only the last four digits (as mentioned in the article). Article also mentions that all passwords were reset, so even if your password is simple to decrypt, it would not be able to access your Zappos account.
They did say that all credit card info is on another server that wasn't hacked. So you're good... :)
Honestly do these hackers have anything better to do than break the law on the web? These people should be arrested and not ever allowed the access to the online privileges of the internet wherever possible. In a matter of a few years, this pesty problem will be somewhat augmented with new technology. Cough, republicans cannot understand deregulation isn't a good thing after all.
Like PIPA, introduced into Senate by a democrat, is any better. Wake up moron boy, republicans aren't the only politicians attempting to screw with your internet privileges.
Read. It's good for you.
Btw, a good place to start reading about PIPA and SOPA is eff.org.
Yeah, good luck arresting Chinese or Russian Nationals in their home countries.
This may have been said, but here is a good link explaining encryption: http://www.zdnet.com/blog/ou/is-encryption-really-crackable/204 Encrypted passwords are unbreakable in any amount of time that matters, as in decades. They are changing passwords only as an abundance of caution. This is one of the least serious hacks in memory.
Were you affected by the Zappos.com hacking? Vote at Nationwidevotes.com
Corporate America: Don't worry. Your information is safe with us. Unless our servers are hacked, then it's your responsibility and your fault for trusting us.
Zappos says "full credit card numbers and other payment info were stored on a separate server which was not hacked." That's BS. My credit card was used fraudulently the same day in their area, and I live over a thousand miles away.
Only thing I'm zapping from now on is food in my microwave. Bye Zappos.
For the last 40 years when I send my bills via US mail I don't have this problem.
I placed an order with Zappos on January 14th. On January 15th, the same credit card I used with Zappos was used at a department store in Los Angeles for $2000+. I live in the Midwest. I find this coincidence interesting in that Zappos claims my credit card information was not compromised. Also, I never got the email from Zappos alerting me to the security breach. I got a text message from my credit card company alerting me to the fraud on my credit card.
Same here. I got a text from someone telling me to change my Zappos password. I never received an email from Zappos and there was nothing on their website letting customers know how to change their passwords. I won't be shopping with them anymore.
Same for me too–fraudulent use of my card the weekend after I received a Zappos order, no contact from them, etc. I wish Zappos was taking at least SOME responsibility for this. The breach may not have been their fault but they could certainly apologize to customers for the inconvenience of having to cancel and change credit cards.
John – Would like to speak to you about your experience. Can we connect by phone or email?
WE ARE ANONYMOUS. WE ARE LEGION. WE DO NOT FORGIVE. WE DO NOT FORGET. EXPECT US! STOP S.O.P.A.!
The network was never designed to be secure or private! There is no way to secure it; there will always be a way to get in to whatever program there is.
This blog – This Just In – will no longer be updated. Looking for the freshest news from CNN? Go to our ever-popular CNN.com homepage on your desktop or your mobile device, and join the party at @cnnbrk, the world's most-followed account for news.