Twenty-four million Zappos customers are getting an unpleasant
Sunday-evening surprise.
The Amazon-owned e-commerce firm has revealed that it was
the target of a cyber-attack that gained access to its internal network,
including the accounts of 24 million of its users. Though the company says that
no complete credit card numbers were revealed in the breach, the intruders may
have accessed customers’ names, e-mail addresses, phone numbers, addresses, the
last four digits of their credit card numbers, and encrypted passwords. Zappos
says it’s taken the precaution of resetting the passwords of all its customers
and directing them to set a new password upon visiting the site.
“We were recently the victim of a cyber-attack by a criminal
who gained access to parts of our internal network and systems through one of
our servers in Kentucky,” the chief executive wrote to Zappos employees in an
email posted to the site, declining to offer more information about the breach.
“We are cooperating with law enforcement to undergo an exhaustive
investigation.”
Even after choosing a new Zappos password, users should be
careful to also change their passwords on any site where they’ve used a similar
or identical password, in case Zappos’ intruders are able to decrypt the
scrambled passwords they’ve stolen. Zappos is also warning affected customers
to watch out for phishing emails that will use their stolen email addresses to
spoof official Zappos emails and ask for account credentials or financial
details.
The chief executive wrote in his all-hands email that every
employee at Zappos’ Henderson, Nevada headquarters will be assisting in the
customer response to the breach, and that the company will only be responding
to emails rather than phone calls in its effort to answer the massive number of
queries that it expects to receive.
“We’ve spent over 12 years building our reputation, brand, and trust
with our customers. It’s painful to see us take so many steps back due to a
single incident,” he wrote in the email. “I suppose the one saving grace is
that the database that stores our customers’ critical credit card and other
payment data was not affected or accessed.”
Zappos customers can change their passwords.