Online shoe retailer Zappos.com has been targeted by hackers, company CEO Tony Hsieh reported on Sunday. Personal information—including e-mail addresses, names, phone numbers, and shipping addresses—for more than 24 million Zappos customers may have been compromised, Hsieh wrote in an e-mail to employees.
In an additional and separate e-mail to customers, Hsieh said:
The database that stores your critical credit card and other payment data was NOT affected or accessed.
The attack against Zappos, a unit of giant online retailer Amazon, is still being investigated. As a safety precaution, Zappos has automatically expired passwords for its customers' accounts, requiring returning users to create new log-in codes to access their accounts.
Here are some hints for safer online shopping:
- Never use the same password for multiple sites. Minimize the chance that a hacker can gain access to your other online accounts from the information cracked.
- Create and use separate e-mail addresses. Specific e-mail accounts for specific shopping sites—say, "MyAmazonAccount@gmail.com"—will limit your data exposure if only one particular online retailer gets hacked.
- Never use any part of your name or any other easily guessed word in your password.
- Use a strong password. These are phrases that are a mixture of letters and numbers. Substituting numbers for letters might help you remember your login a well—"pa55w0rd" instead of "password," for example. Some websites will allow the use of symbols, such as ! and #, as well as distinguish letter cases. For more information, see: How to create a strong password (and remember it!)
For more ways on how to protect your information while surfing the Internet, see Consumer Reports' Guide to online security.
Security e-mail sent by Tony Hsieh, CEO [Zappos.com]
Password change e-mail sent to customers [Zappos]
Zappos Says Customer Database Hacked [Associated Press via Time's Techland blog]