Hackers may have made off with data from as many as 24 million customers from online retailer Zappos.com, the company reported on its blog and in an email sent to employees Sunday night.
Anticipating a flood of customer inquiries, Zappos said it was turning off its customer phone system and only responding to inquires sent by email. In its message, the company emphasized that the database that stores customer credit card and payment info was not accessed.
In an email to customers affected by the attack, Zappos said the information that was compromised included “one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).”
The company is resetting all of its customers passwords. Customers who were affected by the attack were told – in CAPS LOCK – to create a new password as soon as possible.
The hackers gained access to the company’s database through a server in Kentucky. CEO Tony Hsieh said the company was working with law enforcement and would conduct an “ehaustive investigation.”