Zappos customer data accessed in security breach

Online shoe retailer says information such as user names, addresses, and passwords was accessed, but no critical payment data was accessed.

Zappos is urging its customers to change their passwords after an intruder gained unauthorized access to the online shoe retailer's servers.

Customers' names, e-mail addresses, billing and shipping addresses, phone numbers, the last four digits of their credit card numbers, and their scrambled passwords may have been illegally accessed, Zappos CEO Tony Hsieh said in a letter sent to the company's 24 million customers today. However, he said that "critical credit card data and other payment data was not affected or accessed."

The company has voided and reset customer passwords so that new ones can be created, Hsieh wrote in the letter, which includes a link and instructions for creating a new password. The letter also urges customers to change their passwords at other sites if they are the same or similar to the ones used at Zappos.

"We've spent over 12 years building our reputation, brand, and trust with our customers. It's painful to see us take so many steps back due to a single incident," Hsieh wrote in the letter. "I suppose the one saving grace is that the database that stores our customers' critical credit card and other payment data was not affected or accessed."

Hsieh said that all employees at the company's headquarters, regardless of their department, would be enlisted to help assist customers.

Hsieh wrote that the affected servers are located in Kentucky but did not indicate when the breach occurred. He said the company was cooperating with law enforcement officials on an investigation of the breach.

Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Google unveils a new logo

A new Google logo steals attention away from another Google announcement.

by Iyaz Akhtar