Zappos Suffers Security Breach; Customer Emails And Passwords Affected

It appears that Zappos was the victim of a cyber attack today from a hacker who gained access to the company’s internal network through the company’s servers in Kentucky. While specifics of the attack were not revealed, Zappos says that credit card and payments data were not accessed or affected by the criminal.

CEO Tony Hsieh writes to employees, The most important focus for us right now is the safety and security of our customers’ information. Within the next hour, we will begin the process of notifying the 24+ million customer accounts in our database about the incident and help step them through the process of choosing a new password for their accounts. (We’ve already reset and expired their existing passwords.)

Affected Zappos users simply need to reset their passwords and create a new password, Hsieh explains. In Zappos’ signature quality customer service style, the company has already created a detailed page for any affected users to find out more information. And Hsieh says that in order to service as many customer inquiries as possible, all employees at Zappos’ headquarters, regardless of department, will be asked to help with assisting customers who have questions about the attack.

From the email sent to affected users: We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).

Hsieh adds that Zappos is cooperating with law enforcement on an ongoing investigation of the incident. Considering Zappos’ impressive customer service (and quick response), it seems that the company is taking all steps to help make sure customers are aware of which data that could have been stolen by the hacker, and encourages users to change their passwords.