Online shoe and apparel retailer Zappos.com has announced that it has been the victim of a cyber attack that exposed user information for some 24 million customers. For a company that has built its reputation on responsiveness and ease of use, the news is certainly an embarrassment. However, it’s not all bad news.
The intruders were able to get a bevy of information from Zappos.com. In an email published on the site’s blog, CEO Tony Hsieh breaks down the worst of it:
We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).
Even better news: Hsieh went on to say that payment information and full credit card numbers were stored on a separate server that was unaffected by the attack. So you won’t get ripped off outright.
In response to the attack, Zappos has reset passwords for millions of its users. The exposure of passwords is particularly troubling, but it’s an enormous relief that they are scrambled. Hopefully this will keep users that have the same email and password combinations for Zappos on other sites secure. Remember back when Gawker got hacked and everybody everywhere had to change their passwords for everything? Hopefully we won’t have to go through all that again.
For Zappos, the hack is a devastating hit to their reputation. To make matters worse, the company disconnected its phones and is answering customer inquiries via email. Hsieh writes:
We have made the hard decision to temporarily turn off our phones and direct customers to contact us by email because our phone systems simply aren’t capable of handling so much volume. (If 5% of our customers call, that would be over 1 million phone calls, most of which would not even make it into our phone system in the first place.)
This is surely bad news, but good for Zappos for being so transparent about what’s going on. Their reputation seems well earned. For Zappos users out there, keep an eye on your credit card statements and social media accounts. Hopefully we all dodged a bullet with this one.