Online retailer Zappos says hacker may have accessed 24 million customers' information



Amazon's online shoe shop Zappos.com has revealed that the personal information of 24 million customers has been hacked.

The Nevada-based firm said customers' names, e-mail addresses, billing and shipping addresses, phone numbers, and the last four digits of consumers' credit card numbers may have been accessed.



Full credit card numbers were not stolen, the firm said, because they were stored separately.

Hacked: Nevada-based firm Zappos said customers' details may have been accessed

The announcement made on the retailer's website last night included the text of an e-mail that Zappos customers will soon receive.

The message, signed by Tony Hsieh, Zappos CEO, said: 'We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky.

'We are cooperating with law enforcement to undergo an exhaustive investigation.

'For your protection and to prevent unauthorized access, we have expired and reset your password so you can create a new password. Please follow the instructions below to create a new password.

'We also recommend that you change your password on any other web site where you use the same or a similar password.'

While passwords that may have been stolen were cryptographically scrambled, Zappos said, it is still requiring all consumers to change their passwords.

Online retailer Zappos.com has come under attack from hackers, it announced

Zappos also recommends that consumers who use their Zappos password on other sites - a common, if unsafe, practice - should change those passwords, too.

The firm has set up a special web page for customers to visit and change the password.

Anticipating a flood of customer service calls in response to the notification e-mail, Zappos is taking the unusual step of turning off its customer service telephone lines and forcing consumers with questions to send them in via e-mail.

'Due to the volume of inquiries we are expecting, we realised that we could serve the most customers by answering their questions by email,' Mr Hsieh said in a note to employees, also posted on the firm's web page.

'We have made the hard decision to temporarily turn off our phones and direct customers to contact us by email because our phone systems simply aren't capable of handling so much volume. (If five per cent of our customers call, that would be over 1 million phone calls, most of which would not even make it into our phone system in the first place.)'

Mr Hsieh said the firm would have 'all hands on deck,' to help customers with questions.

Judged by the number of customers impacted, Zappos' data breach is among the biggest thefts of customer information ever, but still considerably smaller than last year's incident involving the Sony PlayStation Network, which reportedly impacted 77 million customers.

Mr Hsieh struck an apologetic tone in both the e-mail to consumers and the memo to staff.

'We've spent over 12 years building our reputation, brand, and trust with our customers. It's painful to see us take so many steps back due to a single incident,' he said in the memo.

'I suppose the one saving grace is that the database that stores our customers' critical credit card and other payment data was not affected or accessed.'

In 2009 Zappos was bought by Amazon in a reported $1 billion-plus deal, the biggest in the Seattle-based giant's history.