MSNBC...
Zappos says hacker may have accessed info on 24 million customers
By Bob Sullivan
January 17, 2012
Online retailer Zappos.com is telling 24 million customers that their personal information has been hacked, and forcing all of them to reset their passwords. Cyber criminals may have accessed customers’ names, e-mail addresses, billing and shipping addresses, phone number, and the last four digits of consumers’ credit card numbers, the firm said in an announcement that was posted on Zappos’ Web site late Sunday night. Full credit card numbers were not stolen, the firm said, because they were stored separately.
The announcement included the text of an e-mail that Zappos customers will soon receive.
“We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky. We are cooperating with law enforcement to undergo an exhaustive investigation,” says the e-mail, which is signed by Tony Hsieh, Zappos CEO. “For your protection and to prevent unauthorized access, we have expired and reset your password so you can create a new password. Please follow the instructions below to create a new password. We also recommend that you change your password on any other web site where you use the same or a similar password.”
While passwords that may have been stolen were cryptographically scrambled, Zappos said, it is still requiring all consumers to change their passwords. Zappos also recommends that consumers who use their Zappos password on other sites — a common, if unsafe, practice — should change those passwords, too.
Zappos has set up a special Web page for customers to visit and change the password: http://www.zappos.com/passwordchange.
Anticipating a flood of customer service calls in response to the notification e-mail, Zappos is taking the unusual step of turning off its customer service telephone lines and forcing consumers with questions to send them in via e-mail.
“Due to the volume of inquiries we are expecting, we realized that we could serve the most customers by answering their questions by email,” Hsieh said in a note to employees, also posted on the firm’s Web page. “We have made the hard decision to temporarily turn off our phones and direct customers to contact us by email because our phone systems simply aren’t capable of handling so much volume. (If 5% of our customers call, that would be over 1 million phone calls, most of which would not even make it into our phone system in the first place.)”
Hsieh said the firm would have “all hands on deck” to help customers with questions.
Judged by the number of customers impacted, Zappos’ data breach is among the biggest thefts of customer information ever, but still considerably smaller than last year’s incident involving the Sony PlayStation Network, which reportedly impacted 77 million customers.
Hsieh struck an apologetic tone in both the e-mail to consumers and the memo to staff.
“We’ve spent over 12 years building our reputation, brand, and trust with our customers. It’s painful to see us take so many steps back due to a single incident,” he said in the memo. “I suppose the one saving grace is that the database that stores our customers’ critical credit card and other payment data was not affected or accessed.”