Zappos.com, an online shoe store owned by Amazon.com, was the victim of a cyber attacks which resulted in the compromise of account information for 24 million customers.
Zappos CEO Tony Hsieh, in a letter sent to the company’s affected customers, said names, e-mail addresses, billing and shipping addresses, phone numbers, the last four digits of their credit card numbers, and their scrambled passwords may have been illegally accessed and that “critical credit card data and other payment data was not affected or accessed.” The company has voided and reset customer passwords so that new ones can be created and sent emails asking customers to do so.
Stina Ehrensvard, CEO of authentication device maker Yubico said “The hackers will be crunching the password data to identify where weak passwords have been used, as those users often reuse passwords,” and “We’re highly likely to see the data being used elsewhere on the Internet in the coming days.”
USA Today reported the data thieves did not get any credit card numbers because that data was encrypted, as required under the Payment Card Industry Data Security Standard.
