Zappos.com hack compromises partial credit card data

By , CardRatings contributor

Popular online shoe retailer Zappos.com alerted its employees and customers to a data breach that allowed hackers to see shoppers' personal information, but not their credit card numbers. In a posting on his company's public blog, Zappos CEO Tony Hsieh advised employees to set aside at least 20 minutes to review information about the cyber attack, and to assure customers that payment data was stored in systems separate from the Kentucky server farm that hackers accessed.

Calling the event "painful," Hsieh admitted that hackers accessed customers' names, e-mail addresses, and phone numbers, along with their physical addresses and the last four digits of their credit card numbers. In addition, hackers accessed cryptographically scrambled versions of customers' passwords. Like many websites, Zappos' login form uses a secret algorithm to obscure each user's real password, even within its own system. That industry best practice prevents internal theft, while protecting customers who prefer to use the same password on multiple websites.

With the company's phone system unable to sustain the potential volume of calls about the attack, Hsieh alerted employees that Zappos.com would move its entire customer service operation to e-mail for a day or two. Upon restoration of inbound phone service to the company, employees will have completed detailed training designed to help customers select new, secure passwords for their online shopping accounts.

Even though no customers' account numbers fell into the hackers' possession, investigators suggest that Zappos' 24 million customers may want to examine their bank statements with extra vigilance. Some fraud rings use consumers' personal information in "phishing attacks," attempting to convince a target to surrender crucial information, such as Social Security numbers or online banking passwords. Likewise, criminals have been known to use similar personal details to find locations where fraudulent items can be shipped without detection or interference.

Most credit cards offer automatic purchase protection programs, leaving customers liable for a maximum of $50 in fraudulent transactions. However, prepaid debit cards and payment cards linked to bank accounts often provide only limited protection against fraud or theft.
