Zappos Hacked, Over 24 Million Accounts Breached

First, the good news: the Zappos server that holds its customers sensitive financial information (such as credit card numbers) was not hacked this weekend. The bad news, however, is that hackers made off with just about every other type of customer information they could want, including names; email, billing, and shipping addresses; phone numbers; the last four digits of customers’ social security numbers; and their cryptographically scrambled passwords.

Zappos CEO Tony Hsieh. Credit: worldofusability

In an email sent to its customers this weekend and subsequently posted on its blog, online shoe and clothing retailer Zappos revealed the cyber attack, the extend of its damage and scope, and what it was planning to do about it.

The company estimates that more than 24 million customer accounts were compromised, and it began taking immediate (if only modestly helpful) action by resetting or expiring all existing passwords. Thus, customers need to go in to their accounts and reset them.

Zappos is redirecting all of its staff at HQ--regardless of position--to help customers sort out problems and reset their passwords. To better handle the volume of customer requests and inquiries, Zappos is shutting down its phone service temporarily (unsurprisingly, it doesn’t have the phone resources to field 24 million calls in the span of a few days) and relying solely on email for the task.
Via:  Zappos
Manduh 2 years ago

Holy jeebus! 24 million customers?! That's a ton of info to sell! It's a shame this keeps happening.

AKwyn 2 years ago

[quote user="Manduh"]

Holy jeebus! 24 million customers?! That's a ton of info to sell! It's a shame this keeps happening.


Agreed, at least further damange wasn't done. Shame they got their addresses though.

cowboyspace 2 years ago

this is a Guinness World Record. Hackers these days just dont get it. instead of using their knowledge doing good things, they decide to do the bad thing O_O

omegadraco 2 years ago

I was just waiting for the next high profile attack to occur. Time to think of new passwords for users of Zappos.

deadmanet 2 years ago

Another one?? Glad I've never used Zappos!

dejasoul100 2 years ago

Wowzers! Cyber security is becoming a really important field these days, with big companies being big targets. My friends keep thinking I'm paranoid for minimizing my online commerce, but these stories make my paranoia even worse...

I feel for the customers. You can change your credit card, phone number, email, but addresses are something else.

JStein 2 years ago

Zappos is giving everyone a lesson on managing a data breach that everyone who may ever have to deal with the problem should look to for guidance. There is a lot to be learned. People understand that such things happen and, unless you've been egregiously lax in protecting their account information, will give you the benefit of the doubt. How you respond to the crisis will be what determines whether or not the issue is resolved with minimal damage or it deteriorates into a PR disaster. As I said, Zappos is giving us a real-time lesson on how to do crisis management properly and we should all be taking notes. For a more detailed analysis:

Post a Comment
or Register to comment