I received an email earlier this evening from Zappos.com, informing me that my account was compromised. The email stated that there was illegal and unauthorized access to some of their customer information database, including phone numbers, e-mail addresses, billing and shipping addresses and the last four digits of credit card numbers.
They were quick to point out that none of my credit card or other payment data was affected or accessed. Although the attackers have access to my “cryptographically scrambled password”, it’s not the actual password. This brought me some relief; however, there is still some cause for concern. Hackers can do a lot with your email address, such as attempting to log in to multiple websites with it. If you are affected, be sure to change your passwords on any websites where you use the same or a similar password.
For those of you who have accounts with Zappos.com, you’ll have to create a new password, since the previous ones were reset. 6pm.com, a Zappos sister site, was also affected, so you may have received an email from them as well.
In a mass email to employees, the company described what happened:
“We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky. We are cooperating with law enforcement to undergo an exhaustive investigation.”
Zappos.com has begun the process of notifying their 24+ million customers with account information in their databases. The first step of resetting and expiring all existing passwords has been completed.
You can read official updates from Zappos.com and reset your password by following this link: http://www.zappos.com/passwordchange