Amazon-owned Zappos hacked, 24 million accounts compromised
Online retailer Zappos alerted customers late Sunday that it had suffered a security breach, compromising customer account information including names, shipping and billing addresses, phone numbers, and e-mail addresses. Over 24 million customer accounts were affected in the breach.
According to an e-mail from Zappos CEO Tony Hsieh, attackers gained access to parts of the company’s internal network and systems through a server in Kentucky. He emphasized that credit card data -- other than the last 4 digits of credit card numbers shown in transaction information -- was not exposed, and neither was other payment data since the separate database containing that information was not accessed.
Customers' passwords were also exposed in the hack, but the online retailer insisted that they were encrypted, so attackers had no access to the actual passwords. Still, as a precaution, the company reset all customer passwords, so customers must create new ones to access their accounts. In addition, Zappos is advising users to change their passwords on other websites where they use the same or a similar one.
Amazon.com, which owns Zappos, was not affected by the breach, but customers of Zappos' discount shoe store 6pm.com were, and their passwords have been reset as well. Both sites have temporarily blocked international traffic as they work with law enforcement on an exhaustive investigation.
User Comments (10)
ikesmasher on January 16, 2012 12:40 PM
more and more hacks every day... I think I'll say that anon inspired some people.

tehbanz on January 16, 2012 1:24 PM
yeah, i've stuck to only paypal sites since this all took off (still no proof it was anon though)

Orionlocke on January 16, 2012 1:26 PM
What is wrong with people these days? Do they say to themselves, "I'm awesome with computers so I think I'll use my skills to perform criminal acts?" It seems like every day there's news of yet more and more hacks like this going on. Just to put it into perspective, if someone mugs someone on the street, they're stealing and hurt one person. These bone heads doing these hacks are stealing but instead of hurting one person, they're hurting 24 million people in this case. I wonder if they think about that...or even care.

Guest on January 16, 2012 2:01 PM
These sorts of attacks are so sophisticated they likely have government backing from "someplace". These are not your young college student 'hacking' into your systems to show-off anymore, it's not even criminal activity, which tends to not be very organized anyway. Oh why bother. Enjoy your opinions

ikesmasher on January 16, 2012 2:12 PM
Guest, you'd be surprised how easy some of this stuff is. I mean. PSN got shut down by a DDoS, one of the most common hacks.

dioltcom on January 16, 2012 2:23 PM
Well, one of my friends informed me that he just got an email and the actual text reads "cryptographically scrambled password". That definitely sounds like hashed passwords to me, but one can only hope they were salted.

Cellar on January 16, 2012 3:10 PM
What is up with all the hackers lately.

Emin3nce on January 16, 2012 4:38 PM
Wait... They changed it so the user had to change their password for security; yet the hackers have all the other info. My thoughts; Hacker logs in, says "you must change your password, please provide X and the email address" Done. Hacker now owns the account. Durrr.

treetops on January 16, 2012 9:48 PM
for a second i thought it was pinzoo the oddly named site i used to get cell phone minutes from, I shake my fist at these hackers

RH00D on January 17, 2012 2:35 PM
ikesmasher said: "Guest, you'd be surprised how easy some of this stuff is. I mean. PSN got shut down by a DDoS, one of the most common hacks."
PSN being shut down by DDoS and the hack that resulted in the data theft were isolated, close-in-time, incidents performed by separate entities, one being Anonymous (the DDoS) and the other is still unknown as far as I've been updated. I don't know if you actually did know the difference, as you didn't specifically mention the data theft hacking, but I just wanted to clarify for people who might not have known. Anyways, these days I wouldn't use a "X company was hacked" as a basis for not using them any more. It's all in the way they handle the situation and the preventative defences (real-time intrusion monitoring?) that they have in place that ultimately decides that, to me.
