Zappos Hacked, 24 Million Account Holders Info Taken

Zappos has been hacked -- including its database of 24 million customers.

"there may have been illegal and unauthorized access to some of your customer account information...including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password)."

So the good news is Zappos kept credit card information on a separate server that wasn't hacked. The bad news is if you've ordered from Zappos, hackers now have your name and address, order information, email address and the password you used for Zappos.

Zappos has changed all email addresses, but with so many customers, getting access to your new password is delayed. They say 30 minutes, but it's much longer than that. I'm still waiting. If you need to reset your password, start here.

Here's Zappos's e-mail to its employees about the situation. They've shut down their phone service because it would be overwhelmed. They are being good about sending human-generated email responses.

Here's one I just received:

Thank you for contacting the Zappos.com Customer Loyalty Team.

I am terribly sorry for the delay in your receiving confirmation of your email reset password. Due to the current high volume of requests for password resets, there have been noticeable delays by the email notification. This means that your request has been processed as you requested, but it may take time before it arrives at the requested email address.

If you run into further issues involving your account, please feel free to contact via a response to this email or send your reply to xxxxxxx@xxxxx.com.

    Oh, No! (5.00 / 3) (#3)
    by Peter G on Mon Jan 16, 2012 at 02:37:38 PM EST
    The hackers will know my sneaker size and color preferences.

    if you used the same password (5.00 / 0) (#5)
    by Jeralyn on Mon Jan 16, 2012 at 04:37:02 PM EST
    for other sites you should change those passwords now.

    Parent
    I agree, Jeralyn (none / 0) (#6)
    by Zorba on Mon Jan 16, 2012 at 04:44:16 PM EST
    We wound up with some kind of virus on our computer that we could not get rid of.  We had to wind up wiping everything and starting over.  And even after that, I changed all of our passwords, on every single site.  What a pain in the @ss that was!  (We have never used the same password on different sites, so we had a whole boatload of passwords to change.)

    Parent
    I don't understand (none / 0) (#7)
    by Peter G on Mon Jan 16, 2012 at 05:20:36 PM EST
    why a hack of "your cryptographically scrambled password (but not your actual password)" (as my message from Zappos says) would compromise that or any other password.  Can anyone explain?

    Parent
    about those hashes (none / 0) (#10)
    by rwelty on Mon Jan 16, 2012 at 08:40:35 PM EST
    the hackers got copies of the hashed passwords. crypto hashes produce text strings of 32 or 64 characters (or more) that don't resemble in any way the original password, but feeding the password through the hash algorithm will always produce the same hash.
    the trick is try and back ou
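
The point made in the comment above, that the same password always produces the same hash, shown as an added example that is not part of the original thread: an unsalted digest stored beside a salted, slow PBKDF2 record, with an audit that finds users whose stored values collide. MD5 and SHA-256 are used only because they yield the 32- and 64-character strings mentioned; the page does not say which algorithm Zappos used, and the account names, passwords and work factor are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 600_000  # PBKDF2 work factor (assumption; tune to your hardware)

def unsalted_digest(password: str, algo: str = "sha256") -> str:
    """Weak storage: fast, unsalted hash. Same password -> same hex string on every site."""
    return hashlib.new(algo, password.encode("utf-8")).hexdigest()

def salted_record(password: str, iterations: int = ITERATIONS) -> str:
    """Hardened storage: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, iterations, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)

def shared_values(table: dict) -> list:
    """Audit a user table: return groups of users whose stored value is identical."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample accounts (not from any real breach).
USERS = {"alice": "sneakers2012", "bob": "sneakers2012", "carol": "Tr0ub4dor&3"}

if __name__ == "__main__":
    weak = {u: unsalted_digest(p) for u, p in USERS.items()}
    strong = {u: salted_record(p) for u, p in USERS.items()}
    print(len(unsalted_digest("x", "md5")), len(unsalted_digest("x")))
    print("identical unsalted values:", shared_values(weak))
    print("identical salted values:  ", shared_values(strong))
    print("login still works:", verify("sneakers2012", strong["alice"]))
```

With unsalted digests, a reused password is visible as an identical stored value across accounts and across sites, which is why changing it everywhere matters; the salted records share nothing even when the passwords match.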