Zappos Security Breach Results in 24 Million Compromised Accounts

Paul Lilly

Zappos, the online apparel shop acquired by Amazon in July 2009 for $928 million in stock and cash, began alerting millions of customers over the weekend that it was hit hard by a data breach that may have granted cyber crooks access to sensitive account information, including the last four digits of any credit cards on file. The database that stores full credit card information and other payment data was not affected or accessed, the company said.

"We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password)," Zappos wrote in an email to its customers.

Zappos on Sunday said it was notifying the more than 24 million customer accounts contained in its database, advising them that their passwords have been expired and reset due to the data breach. The e-commerce site is also letting customers know that its phone systems have been voluntarily shut down.

"Due to the volume of inquiries we are expecting, we realized that we could serve the most customers by answering their questions by email. We have made the hard decision to temporarily turn off our phones and direct customers to contact us by email because our phone systems simply aren't capable of handling so much volume (If 5 percent of our customers call, that would be over 1 million phone calls, most of which would not even make it into our phone system in the first place)," Zappos said.

International customers may not have it so easy. According to PCWorld, Zappos announced on its Twitter account that it's undergoing some system maintenance that may limit account access for customers living overseas, though that tweet appears to have been removed from the company's feed.
