National News

Online shoe seller Zappos says customer database hacked

Posted January 16, 2012

Zappos shoe boxes line up on a conveyor belt to be shipped. The online shoe seller is asking 24 million customers to change their passwords after hackers gained access to the company's internal server.

— Online shoe seller says a hacker may have accessed the personal information of up to 24 million customers.

Customers' credit card and payment information was not stolen, but names, phone numbers, email addresses, billing and shipping addresses, the last four digits from credit cards and more may have been accessed in the attack, according to an email that CEO Tony Hsieh sent on Sunday to employees.

Zappos is contacting customers by email and urging them to change their passwords.

Zappos said the hacker gained access to its internal network and systems through one of the company's servers in Kentucky. Zappos is based in Las Vegas. It is owned by Seattle-based Inc.

Zappos Choose better passwords to prevent online hacking

"We've spent over 12 years building our reputation, brand, and trust with our customers," Hsieh said in his email. "It's painful to see us take so many steps back due to a single incident. I suppose the one saving grace is that the database that stores our customers' critical credit card and other payment data was not affected or accessed."

Experts offer these tips on choosing safer passwords:

  • Don't use the same password for everything. Consumer Reports suggests having three passwords – one for financial sites, one for personal sites and one that requires no identification, such as Facebook or a blog.
  • Use a mix of letters, number and special characters.
  • Start with a phrase that's easy to remember and then mix it up by spelling a word or two backwards, adding numbers and ending with an exclamation point.

This story is closed for comments.

Oldest First
View all