hacked; 24 million customers affected is asking its 24 million customers to reset their passwords.
January 16th, 2012
07:45 AM ET hacked; 24 million customers affected

Online retailer is asking its 24 million customers to reset their passwords after a cyberattack, according to a posting on the company's website.

"We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky," says the posting, which was sent out as an e-mail from company CEO Tony Hsieh to Zappos employees on Sunday.

The company said it had expired and reset customers' passwords and would be sending an e-mail with further instructions to all its customers. It also posted password reset instructions on its website.

Zappos said that hackers gained access to customers' names, e-mail addresses,  billing and shipping addresses, phone numbers, and the last four digits of credit card numbers and encrypted passwords.

Full credit card numbers and other payment info were stored on a separate server which was not hacked, the company said.

Because it expects a deluge of phone calls related to the hacking, Zappos said it was temporarily turning off its phones and would answer all inquiries by e-mail.

"If 5% of our customers call, that would be over 1 million phone calls, most of which would not even make it into our phone system in the first place," the company's e-mail to employees said.

"We've spent over 12 years building our reputation, brand, and trust with our customers. It's painful to see us take so many steps back due to a single incident," Hsieh's e-mail said..

The e-mail also went out to customers of Zappos discount website, 6pm. com.

While large, the hacking attack was not the largest of the past year. In April, Sony's PlayStation Network, with 70 million customers, was hacked, with an "unauthorized person" obtaining users' names, home addresses, e-mail addresses, birth dates and passwords, according to Sony.

soundoff (268 Responses)
  1. Trevyn

    Um, I'm sure someone pointed this out to them, but if encrypted passwords have been exposed then there is no way that credit card information is protected since the only thing between me and retrieving my credit card information on their site is my password.

    January 16, 2012 at 7:51 pm | Report abuse |
    • RonnieReagan

      If you use that ZAPPOS password on any other sites, you need to change it there as well! Many people use the same password across multiple sites. Bad practice, but it is what it is. So go change them!

      January 16, 2012 at 8:37 pm | Report abuse |
    • Adam

      Credit Card numbers are not exposed in the customer account section on Zappos, only the last four digits (as mentioned in the article). Article also mentions that all passwords were reset, so even if your password is simple to decrypt, it would not be able to access your Zappos account.

      January 17, 2012 at 12:10 am | Report abuse |
    • Linda Evans

      They did say that all credit card info is on another server that wasn't hacked. So your good... 🙂

      January 31, 2012 at 1:08 pm | Report abuse |
  2. Peter Wolfe

    Honestly do these hackers have anything better to do than break the law on the web? These people should be arrested and not ever allowed the access to the online priviledges of the internet wherever possible. In a matter of a few years, this pesty problem will be somewhat augmented with new technology. Cough, republicans cannot understand deregulation isn't a good things afterall.

    January 16, 2012 at 8:39 pm | Report abuse |
    • Some people's kids

      Like PIPA, introduced into Senate by a democrat, is any better. Wake up moron boy republicans aren't the only politicians attempting to screw with your internet privleges.
      Read. It's good for you.

      January 16, 2012 at 11:45 pm | Report abuse |
    • Some people's kids

      Btw, a good place to start reading about PIPA and SOPA is

      January 16, 2012 at 11:50 pm | Report abuse |
    • ParadeFaith

      Yeah, good luck arresting Chinese or Russian Nationals in their home countries.

      January 19, 2012 at 6:02 am | Report abuse |
  3. DavidH

    this may have been soid but here is a good link explaining encryption encrypted passwords are unbreakable in any amount of time that matters, as in decades. they are changing passwords only as an abundance of caution. this is one of the least serious hacks in memory.

    January 16, 2012 at 8:51 pm | Report abuse |
  4. Nwvotes

    Were you affect by the hacking? Vote at

    January 16, 2012 at 9:58 pm | Report abuse |
  5. jdoe

    Corporate America: Don't worry. Your information is safe with us. Unless our servers are hacked, then it's your responsibility and your fault for trusting us.

    January 16, 2012 at 10:03 pm | Report abuse |
  6. Robn37

    Zappos says "full credit card numbers and other payment info were stored on a separate server which was not hacked." That's BS. My credit card was used fraudulently the same day in their area, and I live over a thousand miles away.

    January 17, 2012 at 4:32 am | Report abuse |
  7. rod


    January 17, 2012 at 10:10 am | Report abuse |
    • Tasya

      Laura,Thank you. This is a wonderful ayrper to wake up to this morning. I have to admit that even though I pray for them their is a part of me that is terrified that they might change their minds. I tried to five years to reach them and am as traumatized by the result as from the mistreatment as a child. I'm safe now and a big part of me doesn't want to give that up. Life is so different without the huge cloud of disapproval that I lived under for so long. I know that if God did enlighten them that He would also give me the courage to open myself up to them again. I still wish them no harm, only blessings.May God continue to work in your life too, Laura and end your state of aloneness. I like to visualize the face of Jesus and gaze into His face just as an infant gazes into the face of his mother. Then I see me the way He sees me. His response is always accepting, loving, and warm. He is there totally for me, no strings attached. He's there that way for you too. We may feel alone but we are never alone because Jesus lives in us. When He lives through us, connecting with others and receiving their love doesn't seem quite so unnatural. On the otherhand, I know God uses all things for our good and He made me a loner for a reason. I think it is because with Him I have the courage to speak out even when others are against Him and me because of Him. I know He is working the pain in your life to good also. I also, look forward to the day when their will be no more pain and no memory of it. Then we can forget that such a horror as child abuse and neglect ever existed.Thank you for brightening my day and strengthening me by your ayrper.Love,Pam

      March 14, 2012 at 10:41 pm | Report abuse |
  8. CH

    Onlly thing I'm zapping from now on is food in my microwave. Bye Zappos.

    January 17, 2012 at 12:43 pm | Report abuse |
  9. Joe

    For the last 40 years when i send my bills via US mail I dont have this problem .

    January 17, 2012 at 1:06 pm | Report abuse |
  10. John

    I placed an order with Zappos on January 14th. On January 15th, the same credit card I used with Zappos was used at a department store in Los Angeles for $2000+. I live in the Midwest. I find this coincidence interesting in that Zappos claims my credit card information was not compromised. Also, I never got the email from Zappos alerting me to the security breach. I got a text message from my credit card company alerting me to the fraud on my credit card.

    January 17, 2012 at 1:32 pm | Report abuse |
    • Nimota

      Same here. I got a text from someone telling me to change my zappos password. I never received an email from zappos and there was nothing on their website letting customers know how to change their passwords. I won't be shopping with them anymore.

      January 17, 2012 at 8:23 pm | Report abuse |
    • Donna

      Same for me too–fraudulent use of my card the weekend after I received a Zappos order, no contact from them, etc. I wish Zappos was taking at least SOME responsibility for this. The breach may not have been their fault but they could certainly apologize to customers for the inconvenience of having to cancel and change credit cards.

      January 18, 2012 at 7:25 am | Report abuse |
    • Forhad

      John – Would like to speak to you about your experience. Can we connect by phone or email?

      October 18, 2012 at 11:07 am | Report abuse |


    January 18, 2012 at 4:16 am | Report abuse |
  12. ta evans

    The network was never designed to be secure or private! There is no way to secure it there will always be a way to get in to whatever program there is

    January 19, 2012 at 12:40 pm | Report abuse |
  13. Lorin Maazel

    Thanks for sharing the information; by the way I am a management student and trying to write an article on Kaleil Isaza Tuzman . As far as I got to know about him, Kaleil Isaza Tuzman is an entrepreneur, the chief executive officer and elected chairman of the board of KIT digital, Inc., and managing partner of KCP Capital. Do you guys have any idea or point to any resources about him.

    May 29, 2012 at 10:49 am | Report abuse |
  14. Bernard

    Howdy are using WordPress for your blog platform? I'm new to the blog world but I'm trying to get started and create my own. Do you need any html coding knowledge to make your own blog? Any help would be really appreciated!

    January 9, 2013 at 12:21 pm | Report abuse |
  15. Jennifer

    Spot on with this write-up, I actually believe this website needs
    far more attention. I'll probably be back again to see more, thanks for the info!

    May 5, 2013 at 3:32 am | Report abuse |
1 2 3 4 5 6 7 8 9