Myce.com Latest Updates

Zappos hit by massive cyber attack, 24 million customers notified

Posted at 17 January 2012 13:00 CEST by Justin_Massoud

Online retailer Zappos sent an important email out to its 24 million customers on Sunday. Instead of offering hot deals on new shoes, however, the company informed them that their personal information had been compromised in a large-scale data breach.

Zappos’ message broke the news into two categories. Here’s the “bad” news: cyber criminals may have customers’ names, billing and shipping addresses, email addresses, phone numbers, the last four digits of customers’ credit cards and hashed passwords. The “better” news is that critical information (i.e. full credit card numbers) wasn’t accessed.

The company urged customers to create new passwords for their accounts, and, if the passwords were in use anywhere else, go ahead and change those, too.

Before the notification went out, Zappos CEO Tony Hsieh sent an email memo to employees about the cyber intrusion, but declined to provide concrete details:

We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky. We are cooperating with law enforcement to undergo an exhaustive investigation.

Because of the nature of the investigation, the information in this email is being sent a bit more formally, and unfortunately we are not able to provide any more details about specifics of the attack beyond what is in this email and the link at the end of this email, but we can say that THE DATABASE THAT STORES OUR CUSTOMERS’ CRITICAL CREDIT CARD AND OTHER PAYMENT DATA WAS NOT AFFECTED OR ACCESSED.

The most important focus for us right now is the safety and security of our customers’ information. Within the next hour, we will begin the process of notifying the 24+ million customer accounts in our database about the incident and help step them through the process of choosing a new password for their accounts. (We’ve already reset and expired their existing passwords.)

Hsieh added that the company made the “hard decision” to temporarily turn off its customer support phone line, asking those with questions to reach them via email.

“If 5 percent of our customers call, that would be over 1 million phone calls, most of which would not even make it into our phone system in the first place,” Hsieh reasoned.

Oddly enough, the company’s own website doesn’t mention that its customer database was hacked. Its official blog does not currently offer any of the above information. A new “Create a New Password” tab is the closest giveaway. (via Naked Security)
