Over the weekend, hackers gained access to customer data stored on Zappos’ servers. The company, which is owned by online giant Amazon.com, sent out e-mails to customers on Sunday, advising them to reset their passwords. Zappos also expired all customers’ passwords as a security measure. The popular shoe and clothing company advised that the databases retaining critical credit card information and payment data remained untouched and secure.
Sunday’s e-mail message advised, “We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).”
Zappos now requires that customers’ passwords be more complex, containing numbers, letters, at least one uppercase letter, and one character. Officials from Zappos also advised all users to change their passwords for other sites if they were the same or similar to the passwords used for Zappos.com. As an action against phishing activities, Zappos also reminded customers that the shop will never ask for personal or account information via e-mail. All Internet users, whether affiliated with Zappos or not, should be wary of any unusual e-mails asking for personal account information or other identification data.
A lot of information related to the breach is still unknown – how long the hackers had access, when exactly the breach took place, and other key factors related to its detection. Many open questions are flying about and their resolution is likely buried beneath days of advanced security enhancements and corporate officials putting the pieces back together.
While customers’ payment information is allegedly deemed safe in this recent cyber attack, customers of Zappos should still beware of future attacks on their identity and personal information. Impersonation and fraud scams have now become a very possible reality for those who have had their information compromised. Zappos officials warn all customers to be especially cautious with any e-mail and telephone inquiries that may in fact be scams.
Phone lines into Zappos customer service Tuesday were not accepting calls, and customers have been advised to e-mail [email protected] if they have any questions or concerns related to their accounts and the recent security breach.
A Few Safe Password Tips:
* Even if this Zappos incident did not impact you directly, it is a good reminder to choose complex, secure passwords, especially for online shopping sites and other places where your personal data is stored.
* When possible, avoid using the same password for all or most of your online activities.
* Change your password to sensitive sites and those that store financial information every so often. Chances are your bank forces you to update your password. Consider doing the same for your other financial memberships – credit card website logins, PayPal accounts, and other online shopping sites.