Zappos hacked: Information from 24 million users stolen


CHICAGO — Online retailer and its discount
affiliate,, disclosed Sunday a data breach that compromised
customer account information such as billing addresses and the last four
digits of credit card numbers.

The security problem did not affect “critical credit
card and other payment data,” Zappos Chief Executive Tony Hsieh wrote in
an employee email that was posted on the company blog on Sunday.

Hsieh explained that the company was “the victim of a
cyber attack by a criminal who gained access to parts of our internal
network and systems through one of our servers in Kentucky.”

A company spokeswoman said Zappos was unable to comment further on the data breach.

The retailer has more than 24 million customer
accounts in its database, according to Hsieh’s memo, and the company is
notifying customers of the data breach via email. It has expired
shoppers’ passwords so they must create new ones to access their

In the letters, Zappos and 6pm said “there may have
been illegal and unauthorized access to some of your customer account
information … including one or more of the following: your name, email
address, billing and shipping addresses, phone number, the last four
digits of your credit card number (the standard information you find on
receipts), and/or your cryptographically scrambled password (but not
your actual password).”

The company emphasized that the database storing
credit card information was not accessed by the cybercriminal, and urged
customers to reset passwords on other websites where they use a similar


©2012 the Chicago Tribune

Visit the Chicago Tribune at

Distributed by MCT Information Services