Search

by MojoPages

Print
Email
Share

Zappos says customer database hacked

by Associated Press

KING5.com

Posted on January 16, 2012 at 9:57 AM

Updated Monday, Jan 16 at 11:29 AM

PORTLAND, Ore. - Online shoe seller Zappos.com says a hacker may have accessed the personal information of up to 24 million customers.

Customers' credit card and payment information was not stolen, but names, phone numbers, email addresses, billing and shipping addresses, the last four digits from credit cards and more may have been accessed in the attack, according to an email that CEO Tony Hsieh sent on Sunday to employees.

Zappos is contacting customers by email and urging them to change their passwords.

Zappos said the hacker gained access to its internal network and systems through one of the company's servers in Kentucky. Zappos is based in Las Vegas. It is owned by Seattle-based Amazon.com Inc.

"We've spent over 12 years building our reputation, brand, and trust with our customers," Hsieh said in his email. "It's painful to see us take so many steps back due to a single incident. I suppose the one saving grace is that the database that stores our customers' critical credit card and other payment data was not affected or accessed."

Zappos.com information on password change for customers: http://www.zappos.com/passwordchange
CEO email and statement: http://blogs.zappos.com/securityemail

Print
Email
Share
 
Home Video
More Video

To add a comment, please register or login.

1000 characters remaining

Submit

We welcome your comments on this story's topic. Off-topic comments, personal attacks, and inappropriate language may be flagged and removed, and comment privileges blocked, per our Terms of Service. Thanks for keeping the comments space respectful.

Privacy Policy

You have indicated this comment should be removed.

Close

The comment has been submitted for review. Thank you .

Comments: Displaying 1 - 4 of 4

TruthBTold said on January 16, 2012 at 10:48 PM

These and other databases should be encrypted. All transactions between DBs across the wire internally should be encrypted...period. Too many companies put up what they consider a strong security wall but once compromised and people get in, security is way too lax. No more excuses, security doesn't begin and end at the front door. You want to protect yourself, tell those you like to shop with to put up multiple layers of security.

79980334
Flag this comment

andreweastside said on January 16, 2012 at 5:34 PM

@ponderer: Although Amazon may have acquired Zappos, it is being run independently -- and any acquisition could take years to integrate the system (for all manner of reasons - from technical (one is running systems running on operating system X, and the other on operating system Y) to business (they intentionally want to keep them separate) to legal (I'm not a lawer, but I'll assume plenty could exist). So, having one set of systems accessed illegitimately does not (automatically) in any way increase the possibility of the other being accessed.

79970668
Flag this comment

ponderer said on January 16, 2012 at 12:11 PM

If it is owned by Amazon; do they use the same security systems as Amazon? I would have thought so, but that leads to the question of if it is the same security, what is preventing Amazon from being hacked?

79956317
Flag this comment

charleylechein said on January 16, 2012 at 11:23 AM

charleylechein avatar

Remember the old tv commercials of people that got hacked? They showed a person that was different than the thief and you saw a blurb at the bottom of the real person's info. I imagine rednecks meeting on street corners selling the info, like "hey Bubba, wanna buy Juan Garcias' credit card info, got it off of Zappo's website server around the corner"

79953831
Flag this comment