A criminal accessed Zappos consumer account information, the online retailer said in a Jan. 15 blog post.
The hacker may have gained access to “your name, email address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password)” through one of the company’s Kentucky servers, Zappos said in the company blog post. The company said its database storing payment information, such as credit card data, was not “affected or accessed.”
Zappos referred a request for comment to the company blog post.
In a company-wide email dated Jan. 15 and embedded in the blog post, Zappos CEO Tony Hsieh said, “Within the next hour, we will begin the process of notifying the 24+ million customer accounts in our database about the incident and help step them through the process of choosing a new password for their accounts. (We’ve already reset and expired their existing passwords.)”
Zappos is directing customers to a dedicated landing page for assistance in changing their passwords.
The Zappos breach is less than a year removed from two high-profile breaches that occurred last spring. Email marketing vendor Epsilon said in April that the names and email information of 2% of its total client base had been compromised. And in May Sony Corp. said hackers may have accessed information — such as names, addresses, email addresses, birth dates and phone numbers — for 101.6 million customers.