A notification mail is circulating stating that “Zappos.com” has been hacked. The online shoe and apparel outlet has apologised over a massive data breach that exposed the personal details of up to 24 million people.
The breach exposed names, email addresses, addresses, phone numbers, password hashes and the last four digits of customers’ social security numbers and/or credit cards (there are differing reports on this; assume the worst). Zappos insists that credit card data was not compromised.
The Zappos website currently returns the message: “We are so sorry – we are currently not accepting international traffic. If you have any questions please email us at firstname.lastname@example.org.” Zappos is blocking international traffic to its blog, so customers outside the US are unable to see CEO Tony Hsieh’s explanation of how the breach happened, which was posted late on Sunday night.
The explanation said that hackers “gained access to parts of our internal network and systems” through a server in Kentucky. Zappos has reset passwords and is in the process of notifying customers about the breach.
Zappos has suspended its telephone support operation, asking customers to contact it only via email.
Customers who may have used the same account login and password at other sites would be well advised to change those passwords ASAP. This breach can be expected to result in phishing attacks and spam campaigns targeting these users.