Zappos, the online shoe and clothing retailer, has reset the passwords of 24 million customers and asked them to create new ones after cyber-attackers hacked into the company’s network, potentially stealing names, email addresses and other personal information.
The e-retailer, which was founded in 1999 by Nick Swinmurn and sold to Amazon for more than $1 billion a decade later, says full credit card numbers were not exposed during the attack, according to the BBC.
A statement posted on Zappos’ blog (here, though the site is currently not accepting international traffic) says the company was “recently the victim of a cyberattack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky,” and that Zappos is “cooperating with law enforcement to undergo an exhaustive investigation.”
Zappos CEO Tony Hsieh says email addresses, billing and shipping addresses, telephone numbers, the final four digits from credit cards and other information may have been compromised, according to Fox News.
“I suppose the one saving grace is that the database that stores our customers’ critical credit card and other payment data was not affected or accessed,” he said.
The company is temporarily switching off its phones due to an increased number of callers, choosing to assist concerned customers via email or Twitter instead.
A special page on the Zappos website has been created to allow users to change their passwords. The attack comes nine months after Sony’s PlayStation Network, which has 70 million customers, was hacked, with users’ names, home addresses, email addresses, birthdays and passwords being stolen, CNN reported.