Published on January 15th, 2012 | by Kim LaCapria0
Zappos, 6PM Users Prompted to Change Passwords After Massive Breach
Have you ever ordered from Zappos or its bargain basement sister site 6PM.com?
If so, you may have gotten a somewhat alarming email tonight from one or both companies prompting you to change your password. The emails from Zappos and 6PM don’t mince words, informing customers that sensitive data belonging to 24 million customers may have been breached. In the email, Zappos describes the information that may have been leaked in the massive hack. The company says:
“We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).”
CEO Tony Hsieh said that all employees will be on hand to clean up the breach, and in an email to staff, he wrote:
“We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky. We are cooperating with law enforcement to undergo an exhaustive investigation.”
Hsieh expressed regret at tarnishing the company’s strong standing in the eyes of customers, continuing in the email:
“We’ve spent over 12 years building our reputation, brand, and trust with our customers. It’s painful to see us take so many steps back due to a single incident. I suppose the one saving grace is that the database that stores our customers’ critical credit card and other payment data was not affected or accessed.”
Although passwords were encrypted, it is advised that customers who use a similar password across websites change any they may feel resemble their Zappos or 6PM passwords in the event the hackers decrypt the data. In order to change your password, simply visit Zappos.com or 6PM.com and look for the “reset your password” link in the upper right hand corner.