First, the good news: the Zappos
server that holds its customers sensitive financial information (such as credit card numbers) was not hacked this weekend. The bad news, however, is that hackers made off with just about every other type of customer information they could want, including names; email, billing, and shipping addresses; phone numbers; the last four digits of customers’ social security numbers; and their cryptographically scrambled passwords.
Zappos CEO Tony Hsieh. Credit: worldofusability
In an email sent to its customers this weekend and subsequently posted on its blog
, online shoe and clothing retailer Zappos revealed the cyber attack, the extend of its damage and scope, and what it was planning to do about it.
The company estimates that more than 24 million customer accounts were compromised, and it began taking immediate (if only modestly helpful) action by resetting or expiring all existing passwords. Thus, customers need to go in to their accounts and reset them.
Zappos is redirecting all of its staff at HQ--regardless of position--to help customers sort out problems and reset their passwords. To better handle the volume of customer requests and inquiries, Zappos is shutting down its phone service temporarily (unsurprisingly, it doesn’t have the phone resources to field 24 million calls in the span of a few days) and relying solely on email for the task.