Tuesday, January 17, 2012
Zappos.com, one of the largest online retailers of shoes and apparel, disclosed Sunday that it was hit by a cyber attack. The attack compromised as many as 24 million accounts. Personal data may have been taken, but credit card numbers are encrypted and thus cannot be stolen.
Information that may have been compromised includes customers' shipping addresses, phone numbers, email addresses, account passwords and the last four digits of any credit card used. Though credit card numbers are encrypted under the Payment Card Industry Data Security Standard, other personal information is often not. This is common practice among e-commerce websites.
Todd Feinman of Identity Finder told USA Today, “Visa and MasterCard fight to protect credit card numbers, but there’s no one fighting for the individual consumer whose e-mail address falls into the possession of hackers.”
Zappos.com required its users to change their account passwords. It notified users of the required change and updated them on the situation by email. It also advised users to change their password on other websites if it is similar to the one used on Zappos.
In a blog post, Zappos CEO Tony Hsieh said, “We’ve spent over 12 years building our reputation, brand, and trust with our customers. It’s painful to see us take so many steps back due to a single incident. I suppose the one saving grace is that the database that stores our customers’ critical credit card and other payment data was not affected or accessed.”