Zappos customer data accessed in security breach
Online shoe retailer says information such as user names, addresses, and passwords was accessed, but no critical payment data was accessed.
Zappos is urging its customers to change their passwords after an intruder gained unauthorized access to the online shoe retailer's servers.
Customers' names, e-mail addresses, billing and shipping addresses, phone numbers, the last four digits of their credit card numbers, and their scrambled passwords may have been illegally accessed, Zappos CEO Tony Hsieh said in a letter sent to the company's 24 million customers today. However, he said that "critical credit card data and other payment data was not affected or accessed."
The company has voided and reset customer passwords so that new ones can be created, Hsieh wrote in the letter, which includes a link and instructions for creating a new password. The letter also urges customers to change their passwords at other sites if they are the same or similar to the ones used at Zappos.
"We've spent over 12 years building our reputation, brand, and trust with our customers. It's painful to see us take so many steps back due to a single incident," Hsieh wrote in the letter. "I suppose the one saving grace is that the database that stores our customers' critical credit card and other payment data was not affected or accessed."
Hsieh said that all employees at the company's headquarters, regardless of their department, would be enlisted to help assist customers.
Hsieh wrote that the affected servers are located in Kentucky but did not indicate when the breach occurred. He said the company was cooperating with law enforcement officials on an investigation of the breach.