Zappos, an online shoe and apparel store, had an estimated 24 million accounts hacked, leading to the company’s online security being scrutinized.
In a security email written to his employees, Zappos CEO Tony Hsieh explained that the company was hacked. However, he assured employees that important customer information was spared.
“We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky,” Hseieh wrote. “We are cooperating with law enforcement to undergo an exhaustive investigation. Unfortunately we are not able to provide any more details about specifics of the attack beyond what is in this email and the link at the end of this email, but we can say that the database that stores our customers’ critical credit card and other payment data was not affected or accessed.”
However, the Zappos CEO admitted that some customer information was compromised.
“We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password),” he wrote.
However, Hseieh spoke about some precautions that the company has taken, including the resetting of passwords and creating a webpage to handle customer inquiries. Despite the open letter that Hseieh posted on the Zappos’ Twitter account, some customers took to the social networking website to express concern about the matter.
“Why would someone hack into Zappos' website and steal people's card information," one person questioned on Twitter. "Deleting account now!"
Bill Matthews, a representative from an information security firm known as Hurricane Labs expressed the issues evident in the hacking ordeal despite the company’s communication with customers.
In “Shopper Trust - The Zappos Ordeal,” Matthews questioned some of the security precautions that people take when using sites like Zappos, which is owned by Amazon.
“Bottom line – a whole lot of personal information just got leaked,” Matthews said. “Zappos claims no credit card information was stolen but enough data was probably leaked that the thieves will make some money from identities, etc. The larger points are that you should not only be careful about who you share information with but what you allow them to store.”