Browse archive

Latest news

(IN)SECURE Magazine issue 34 released

Romanian hackers arrested for hitting government websites

17% of the world's PCs are unprotected

Dissecting modern privacy concerns

DNS-changing Trojan leads to phishing banking sites

Olympics fans targeted with lottery scam

WikiLeaks founder Assange loses extradition appeal

Security and privacy in the AWS cloud

UFED Touch: Field-ready mobile forensics solution

Securing the Virtual Environment

Flamer removal tool from Bitdefender

Hack In The Box conferences

Zappos hacked, info of 24+ million customers may be compromised

Posted on 16 January 2012.

Zappos, the shoe-and-apparel-selling division of Amazon, has been hit by cyber attackers and has had one of its servers compromised and information from it exfiltrated.

The incident was revealed when an internal memo by Zappos CEO Tony Hsie sent to his employees was made public.

In it, he says that the attackers have gained access to parts of the company's internal network and systems through one of their servers in Kentucky, that the FBI has been involved in the investigation, that the 24+ million customers will be notified of the fact and asked to change the password to their accounts, and that credit card data and payment data was not accessed.

He also included the email that the customers will be receiving, in which they are warned about the possibility of their name, e-mail address, billing and shipping addresses, phone number, the last four digits of their credit card number, and their "cryptographically scrambled" password having been compromised.

The email will advise the customers to create a new password for their Zappos.com account and to change the password to other online accounts if they have used the same one for multiple accounts.