Zappos hack exposes personal information of 24 million customers
Data on up to 24 million customers of online shoe retailer Zappos was compromised according to an email sent by its CEO Tony Hsieh on Sunday. While Hsieh says that full credit card information is safe, hackers may have the last four digits of the cards.
Hackers accessed names, email addresses, physical addresses, and phone numbers. Passwords were also compromised, however in encrypted form. As a result, the company sent out an email to all its customers, advising them to change their passwords as a protective measure. Zappos is also asking customers to reset their passwords elsewhere where it may be the same.
A menu option has been added to Zappos pages urging customers to "Create a New Password". The company is trying its best to get as many of its users to change their passwords as soon as possible.
The danger from this hack is the increased risk of a compromise of other online accounts. The typical Internet user has only one password that is used across a multitude of services. For example, if hackers are successful in breaking Zappos' password encryption, they may try to access the customer's email account using the Zappos password.
"We've spent over 12 years building our reputation, brand, and trust with our customers. It's painful to see us take so many steps back due to a single incident", Hsieh writes. "I suppose the one saving grace is that the database that stores our customers' critical credit card and other payment data was not affected or accessed".
Zappos is owned by Amazon.com. The retailer had no immediate comment on the attack.