Zappos.Com Hacked, 24 Million Users Exposed
Zappos.com, an online shoe and clothing retailer acquired by Amazon in 2009 for $807 million (564 million EUR), suffered a data breach that may have exposed some sensitive information belonging to their 24 million customers.
Names, email addresses, mailing addresses and the last four digits from their clients’ social security numbers might have been obtained by the attackers, Infosec Island reports.
In a letter the company sent to their employees and customers, they revealed that parts of their internal network were accessed through one of their servers in Kentucky. Fortunately, the database that contains credit card information and other payment data has not been affected.
“The most important focus for us right now is the safety and security of our customers' information.
“Within the next hour, we will begin the process of notifying the 24+ million customer accounts in our database about the incident and help step them through the process of choosing a new password for their accounts,” reads the email addressed to employees.
Zappos.com displays the content of the email sent to customers, in which they advised them to create a new password to make sure no one can access their accounts.
Because this could be a great subject for phishing operations, the company’s clients are also recommended to beware of suspicious emails that may request passwords or other private information that could expose a bank account.
While they’re dealing with the incident, their website cannot be accessed from foreign countries, which probably means that the hackers are from outside the US.
Also, their phone lines are temporarily shut down since most probably they wouldn’t be capable of handling the large influx of calls they’re about to receive.
An interesting thing about the incident is that customers are reporting to receive an email from Zappos, telling them that they need to reset their passwords due to a security update, there being no mention of the breach.
In a letter the company sent to their employees and customers, they revealed that parts of their internal network were accessed through one of their servers in Kentucky. Fortunately, the database that contains credit card information and other payment data has not been affected.
“The most important focus for us right now is the safety and security of our customers' information.
“Within the next hour, we will begin the process of notifying the 24+ million customer accounts in our database about the incident and help step them through the process of choosing a new password for their accounts,” reads the email addressed to employees.
Zappos.com displays the content of the email sent to customers, in which they advised them to create a new password to make sure no one can access their accounts.
Because this could be a great subject for phishing operations, the company’s clients are also recommended to beware of suspicious emails that may request passwords or other private information that could expose a bank account.
While they’re dealing with the incident, their website cannot be accessed from foreign countries, which probably means that the hackers are from outside the US.
Also, their phone lines are temporarily shut down since most probably they wouldn’t be capable of handling the large influx of calls they’re about to receive.
An interesting thing about the incident is that customers are reporting to receive an email from Zappos, telling them that they need to reset their passwords due to a security update, there being no mention of the breach.
Source: Softpedia