Zappos says creditcard and payment data was not exposed
The company has reset the passwords of 24 million customers and asked them to choose new ones.
It said names, email addresses and other personal information may have been exposed, but not full creditcard numbers.
Though significant, other attacks have been larger. In 2010 a US court convicted a hacker of stealing more than 130 million card details.
Zappos, which was founded by in 1999 by Nick Swinmurn, started out as an online shoe retailer but now sells clothing and accessories.
It was sold to Amazon for more that $1bn (£650m) in 2009.
In an email to staff sent on Sunday and posted on the company website, Zappos chief executive Tony Hsieh said: "We were recently the victim of a cyber-attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky.
"We are co-operating with law enforcement to undergo an exhaustive investigation."
Mr Hsieh added: "We've spent over 12 years building our reputation, brand, and trust with our customers. It's painful to see us take so many steps back due to a single incident."
Customer details
Following the attack the company wrote to its 24 million customers asking them to choose new passwords for zappos.com and any other site where they may have used the same or similar password.
The email said the attack had potentially exposed the name, email address, billing and shipping address and phone number of customers.
It also warned that "the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password)" may have been exposed in the attack.
However, in his message to company staff Mr Hsieh stressed that the creditcard and payment database had not been accessed.
No comments:
Post a Comment