The company has taken steps to ensure its customers' passwords will be reset but offers limited details as to the nature of the breach.

shoes and apparel outlet Zappos, owned by e-tailing giant Amazon, has suffered
a massive data breach that may have affected more than 24 million of its

The company apologized for the occurrence and stressed the database that stores
customers' critical credit card and other payment data was not affected or
accessed. However, the company sent out an email to its customers notifying
them that, for their protection and to prevent unauthorized access, Zappos
expired and reset their passwords so customers can create a new password.

"We are writing to let you know that there may have been illegal and unauthorized
access to some of your customer account information on Zappos.com, including
one or more of the following: your name, e-mail address, billing and shipping
addresses, phone number, the last four digits of your credit card number (the
standard information you find on receipts), and/or your cryptographically
scrambled password (but not your actual password)," Zappos CEO Tony Hsieh
wrote in an email to customers and employees.

Hsieh also recommended that users change their password on any other Website where
they use the same or a similar password. "As always, please remember that
Zappos.com will never ask you for personal or account information in an
e-mail," he said. "Please exercise caution if you receive any emails
or phone calls that ask for personal information or direct you to a web site
where you are asked to provide personal information."

The company also alerted customers of its decision to temporarily turn off its
phones and direct customers to contact Zappos via email because its phone
systems aren't capable of handling so much volume. Because of the nature of the
investigation, the information in the email is being sent more formally, and
the company apologized for not being able to provide any more details about
specifics of the attack beyond what is in the email and the link at the end of

spent over 12 years building our reputation, brand, and trust with our customers.
It's painful to see us take so many steps back due to a single incident. I
suppose the one saving grace is that the database that stores our customers'
critical credit card and other payment data was not affected or accessed,"
Hsieh concluded. "Over the next day or so, we will be training everyone on
the specifics of how to best help our customers through their password change
process now that their passwords have been reset and expired. We need all hands
on deck to help get through this."

Nathan Eddy is Associate Editor, Midmarket, at eWEEK.com. Before joining eWEEK.com, Nate was a writer with ChannelWeb and he served as an editor at FierceMarkets. He is a graduate of the Medill School of Journalism at Northwestern University.