Zappos Dealing With Data Breach
Online shoe and clothing retailer directs customers to reset their passwords via a dedicated password-reset page
Online shoe and clothing retailer Zappos, which is owned by Amazon.com, began emailing its 24 million customers Sunday, advising them that its site had been hacked, and some customers' personal details and account information likely stolen. But Zappos said that no credit or debit card information had been accessed by attackers.
"We were recently the victim of a cyberattack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky. We are cooperating with law enforcement to undergo an exhaustive investigation," said Zappos CEO Tony Hsieh in an email that was sent to all Zappos employees Sunday, shortly before the company sent an email to its customers, warning them about the breach.
The stolen data, said Hsieh, may have included each customer's name, email address, billing and shipping address, the last four digits of their credit card number, and a "cryptographically scrambled" version of their website password. Such encryption, however, might not prevent attackers from eventually recovering passwords. Likewise, any customers who reused their Zappos password on another website that had suffered a breach would be at risk from attackers using that password to access their Zappos account.
Read the full article here.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024