In association with heise online

16 January 2012, 11:01

Customer data exposed in breach

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Zappos logo US-based online shoe and apparel shop has confirmed that it has been the victim of an attack on its servers. The security breach by an unknown party or parties through one of the company's servers in Kentucky is said to have exposed the private data of the subsidiary's more than 24 million customers.

In an email sent to customers, Zappos CEO Tony Hsieh said that information that may have been accessed in the breach included customer names, email addresses, billing and shipping addresses, telephone numbers and the last four digits of credit cards used, as well as "cryptographically scrambled" versions of site passwords. The database that contains customer's full credit card details and other payment data "was not affected or accessed", added Hsieh. As a security precaution, has reset and expired customer passwords; customers who use the same or a similar password on other sites are advised to change those as well.

Further details about the attack, including how and when it took place and was first discovered, have yet to be disclosed. The company says that it is cooperating with law enforcement and that an investigation is currently taking place. Customers of, which is owned by Zappos, are also affected.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit