In yet another breach of security, hackers have successfully stolen private and identifiable information for 24 million Zappos customers’ credit cards.
Zappos, part of the Amazon family, emailed millions of customers in mid-January that it was recently the target of a cyber attack that gained access to its internal network. In the email, it stressed that no “complete” credit card numbers were stolen; however, customer names, email addresses, phone numbers and even the last four digits of social security numbers were stolen. Even the so-called “encrypted” passwords were taken. The email goes on to say that its team had already taken the precaution of resetting the passwords of all its customers and directing them to set a new password upon visiting the site.
Part of the email, authored by CEO Tony Hsieh, read:
We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky… we are cooperating with law enforcement to undergo an exhaustive investigation.
Further complicating matters, though, is the fact that consumers are being encouraged to change all of their online passwords, especially those who use the same password around the web. This is a precaution the company is urging customers to take in case Zappos’ intruders are able to decrypt the scrambled passwords they’ve stolen.
The email also encourages consumers to remain vigilant, especially for things like phishing emails that will use their stolen email addresses to spoof official Zappos emails and ask for account credentials or financial details.
Don’t Call Us
Hsieh went on to encourage customers to email rather than call, and said representatives would respond only to emails, not phone calls. He says the company is expecting “massive numbers of queries”.
MasterCard, on its website, reiterates the Visa message and warns consumers to never respond to suspicious emails and to never click on links within those emails. It provides pointers on how to identify safe shopping sites, including the presence of SSL security and the additional “s” (which stands for secured) at the end of the “http” in the browser bar. Strong passwords with letters, numbers and symbols are encouraged, too.
The FTC warns that approximately 9 million (and growing) American consumers have their private information stolen each year. Of course, this number is sure to grow, especially considering this latest hack that jeopardizes 23 million customers.
Finally, the FTC also encourages consumers who are especially concerned to contact the three credit bureaus and request a fraud alert be placed on their credit files. There are two types of alerts: an initial fraud alert, which is good for 90 days, and an extended alert, which is in effect for seven years. Naturally, an extended alert introduces a lot of red tape anytime you apply for credit, but for many, it’s the only peace of mind they have left available.
What You Can Do
For those wishing to place any kind of alert on their accounts, you may contact the three credit bureaus. Each one has its own process for putting these security alerts on your credit files. Keep in mind that, to ensure the alerts serve their purpose, you’ll want to have one placed at all three bureaus.
Experian: 888-EXPERIAN (397-3742)
If you’re concerned your credit card information was one of the 23 million compromised, you can email Zappos at email@example.com. Remember, the company is not responding to phone calls.
Those familiar with internet security protocol say it was unfortunate, but that it does not appear Zappos did anything wrong or left any known vulnerabilities open for the cyber hackers.