Zappos says hacker may have accessed info on 24 million customers
The account information for millions of customers at Zappos.com, an online shoe and clothing company, may have been compromised by a cyber attack, the company’s chief executive, Tony Hsieh, wrote Sunday in an e-mail to employees.
In the letter, posted on the Zappos Web site, Mr. Hsieh said a cyber criminal “gained access to parts of our internal network and systems” through one of the company’s servers in Kentucky.
He wrote, in capital lettering, that the database containing complete credit card and other payment information for Zappos customers had not been accessed.
Mr. Hsieh said the company would send an e-mail notifying the more than 24 million account-holders of the incident, including details about the information that may have been obtained: names, e-mail addresses, billing and shipping addresses, phone numbers, and the last four digits of credit cards. The message encourages customers to create a new password for both Zappos and “any other web site where you use the same or a similar password.”
The company had already reset all passwords, the e-mail said.
Mr. Hsieh said the company made the “hard decision” to temporarily shut off its phones, directing customers to correspond by e-mail because the phone systems “simply aren’t capable” of handling the expected volume of inquiries.