Zappos.com has become the latest site to have to take the unpleasant step of emailing its entire customer base (over 24 million!) to deliver some bad news.
We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).
The email goes on to give “the better news” that the database housing all of the credit card data was not compromise, and thus unaffected.
In an internal email to employees, CEO Tony Hsieh give a tad more information on what went down.
We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky.
So far, the company has reset all passwords and is actively working with law enforcement to bring the attacker(s) to justice.