Non-U.S. customers kept in dark as Zappos cleans up after data breach
Online clothing shop Zappos.com reset the passwords of over 24 million customers after security breach
IDG News Service - Online shoe and apparel shop Zappos.com is advising over 24 million customers to change their passwords following a data breach, but its website is currently inaccessible to people outside the U.S.
Zappos employees received an email from CEO Tony Hsieh on Sunday, alerting them about a security breach that involved the online shop's customer database.
"We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky. We are cooperating with law enforcement to undergo an exhaustive investigation," Hsieh said in the email.
Even though he assured everyone that no credit card details had been compromised, Hsieh revealed that the attacker had accessed customer records including names; email, billing and shipping addresses; phone numbers, and the last four digits of their credit card numbers.
The hacker also gained access to password hashes for the accounts registered on the website, prompting the company to reset everyone's access codes. Zappos is currently in the process of emailing its 24 million customers in order to notify them about the security breach and advise them to change their passwords.
The company also took the decision to shut off its phones, because the expected phone traffic generated by customers calling in would almost certainly exceed what its system can handle. Customer support is currently being provided through email and Twitter.
"Please create a new password by visiting Zappos.com and clicking on the 'Create a New Password' link in the upper right corner of the web site and follow the steps from there," the company said in its email to customers.
However, at the moment, non-US residents cannot access most of Zappos' website, leaving them unable to follow these instructions. "We are currently undergoing some system maintenance that has limited our international customers in accessing our website," the company said via Twitter.
Zappos advised its customers to change their login details on any other websites where they used the same password, to prevent hackers trying to access those accounts using the data they obtained during this breach.
It's not clear whether affected customers will be offered identity theft protection services or not. Zappos, which is a subsidiary of Amazon, did not immediately return a request for comment regarding this possibility.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts