Non-U.S. customers kept in dark as Zappos cleans up after data breach
Online shoe and apparel shop Zappos.com is advising over 24 million customers to change their passwords following a data breach, but its website is currently inaccessible to people outside the U.S.
Zappos employees received an email from CEO Tony Hsieh on Sunday, alerting them about a security breach that involved the online shop's customer database.
"We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky. We are cooperating with law enforcement to undergo an exhaustive investigation," Hsieh said in the email.
Even though he assured everyone that no credit card details had been compromised, Hsieh revealed that the attacker had accessed customer records including names; email, billing and shipping addresses; phone numbers, and the last four digits of their credit card numbers.
The hacker also gained access to password hashes for the accounts registered on the website, prompting the company to reset everyone's access codes. Zappos is currently in the process of emailing its 24 million customers in order to notify them about the security breach and advise them to change their passwords. Read more...