Customer data exposed in Zappos.com breach
US-based online shoe and apparel shop Zappos.com has confirmed that it has been the victim of an attack on its servers. The breach, carried out by an unknown party or parties through one of the company's servers in Kentucky, is said to have exposed the private data of more than 24 million customers of the Amazon.com subsidiary.
In an email sent to customers, Zappos CEO Tony Hsieh said that information that may have been accessed in the breach included customer names, email addresses, billing and shipping addresses, telephone numbers and the last four digits of credit cards used, as well as "cryptographically scrambled" versions of site passwords. The database that contains customers' full credit card details and other payment data "was not affected or accessed", added Hsieh. As a security precaution, Zappos.com has reset and expired customer passwords; customers who use the same or a similar password on other sites are advised to change those as well.
Further details about the attack, including how and when it took place and was first discovered, have yet to be disclosed. The company says that it is cooperating with law enforcement and that an investigation is currently taking place. Customers of 6pm.com, which is owned by Zappos, are also affected.