Online shoe seller Zappos says customer database hacked
Posted January 16, 2012
PORTLAND, Ore. — Online shoe seller Zappos.com says a hacker may have accessed the personal information of up to 24 million customers.
Customers' credit card and payment information was not stolen, but names, phone numbers, email addresses, billing and shipping addresses, the last four digits from credit cards and more may have been accessed in the attack, according to an email that CEO Tony Hsieh sent on Sunday to employees.
Zappos is contacting customers by email and urging them to change their passwords.
Zappos said the hacker gained access to its internal network and systems through one of the company's servers in Kentucky. Zappos is based in Las Vegas. It is owned by Seattle-based Amazon.com Inc.
"We've spent over 12 years building our reputation, brand, and trust with our customers," Hsieh said in his email. "It's painful to see us take so many steps back due to a single incident. I suppose the one saving grace is that the database that stores our customers' critical credit card and other payment data was not affected or accessed."
Experts offer these tips on choosing safer passwords:
- Don't use the same password for everything. Consumer Reports suggests having three passwords – one for financial sites, one for personal sites and one that requires no identification, such as Facebook or a blog.
- Use a mix of letters, number and special characters.
- Start with a phrase that's easy to remember and then mix it up by spelling a word or two backwards, adding numbers and ending with an exclamation point.