Zappos Breach Affects 24 Million

Customers Urged to Reset Passwords, Monitor for Phishing
Zappos Breach Affects 24 Million
Online shoe and clothing retailer Zappos.com has issued an e-mail alert to more than 24 million customers regarding a newly-discovered data breach.

See Also: 2017 Security Predictions from Malwarebytes; New Year, New Threats

In a blog post, Tony Hsieh, CEO of Zappos, explains that a criminal gained access to certain parts of the network through one of the company's servers in Kentucky.

"We are cooperating with law enforcement to undergo an exhaustive investigation," Hsieh says.

The data breach resulted in unauthorized access to the following customer account information: names, e-mail addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers and/or the cryptographically scrambled passwords (but not the actual passwords).

The database that stores customers' critical credit card and other payment data was not affected or accessed, Zappos says.

The company has taken action by expiring and resetting passwords and asking customers to create new ones.

"We also recommend that you change your password on any other web site where you use the same or a similar password," the e-mail sent to affected customers states.

Zappos also warned customers about potential phishing attacks as a result of the breach. "As always, please remember that Zappos.com will never ask you for personal or account information in an e-mail," the statement says. "Please exercise caution if you receive any emails or phone calls that ask for personal information or direct you to a web site where you are asked to provide personal information."

A web page has also been established to provide updates and answers to customers' questions.

"We've spent over 12 years building our reputation, brand, and trust with our customers," Hsieh says. "It's painful to see us take so many steps back due to a single incident. I suppose the one saving grace is that the database that stores our customers' critical credit card and other payment data was not affected or accessed."


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.