24 Million Credit Card Users Info Hacked… Again

In yet another breach of security, hackers have successfully stolen private and identifiable information for 24 million Zappos customers’ credit cards.

Zappos, part of the Amazon family, emailed millions of customers in mid-January that it was recently the target of a cyber attack that gained access to its internal network. In the email, it stressed that no “complete” credit card numbers were stolen; however, customer names, email addresses, phone numbers and even the last four digits of social security numbers were stolen. Even the so-called “encrypted” passwords were taken. The email goes on to say that its team had already taken the precaution of resetting the passwords of all its customers and directing them to set a new password upon visiting the site.

Zappos Responds

Part of the email, authored by CEO Tony Hsieh, read:

We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky… we are cooperating with law enforcement to undergo an exhaustive investigation.

Further complicating matters, though, is the fact that consumers are being encouraged to change all of their online passwords, especially those who use the same password around the web. This is a precaution the company is urging customers to take in case Zappos’ intruders are able to decrypt the scrambled passwords they’ve stolen.

The email also encourages consumers to remain vigilant, especially for things like phishing emails that will use their stolen email addresses to spoof official Zappos emails and ask for account credentials or financial details.

Don’t Call Us

Hsieh went on to encourage customers to email rather than call and said representatives would only be responding to emails, not phone calls. He says the company is expecting “massive numbers of queries”.

For their part, the big credit card networks are reminding consumers of ways to keep the potential for secondary problems at a minimum. Visa has “proactive steps” on its website for consumers to take. It’s reminding consumers to ensure their computers have firewalls and a current, up-to-date virus protection program, and to only shop online with merchants that have established reputations. Reading the privacy policy on any site is important, and Visa warns that the absence of these policies should be a red flag.

MasterCard, on its website, reiterates the Visa message and warns consumers to never respond to suspicious emails and to never click on links within those emails. It provides pointers on how to identify safe shopping sites, including the presence of SSL security and the additional “s” (which stands for secured) at the end of the “http” in the browser bar. Strong passwords with letters, numbers and symbols are encouraged, too.


The FTC warns that approximately 9 million (and growing) American consumers have their private information stolen each year. Of course, this number is sure to grow, especially considering this latest hack that jeopardizes 23 million customers.

Finally, the FTC also encourages consumers who are especially concerned to contact the three credit bureaus and request that a fraud alert be placed on their credit files. There are two types of alerts: an initial fraud alert, which is good for 90 days, and an extended alert, which is in effect for seven years. Naturally, an extended alert introduces a lot of red tape anytime you apply for credit, but for many, it’s the only peace of mind they have left available.

What You Can Do

For those wishing to place any kind of alert on their accounts, you may contact the three credit bureaus. Each one has its own process for putting these security alerts on your credit files. Keep in mind that, in order to ensure the alerts serve their purposes, you’ll want to have one placed at all three bureaus.

Equifax: 800-525-6285
Experian: 888-EXPERIAN (397-3742)
TransUnion: 800-680-7289

If you’re concerned your credit card information was one of the 23 million compromised, you can email Zappos at securityquestions@zappos.com. Remember, the company is not responding to phone calls.

Those familiar with internet security protocol say it was unfortunate, but that it does not appear Zappos did anything wrong or left any known vulnerabilities open for the cyber hackers.
