Yet another cyber attack has been revealed that affects tens of millions of people. This time the victim was the online retail web site Zappos.com. In a message posted on its blog site late on Sunday, the company said:
We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky. We are cooperating with law enforcement to undergo an exhaustive investigation.
Zappos said that the database had information on over 24 million customers. The information included names, e-mail addresses, billing and shipping addresses, phone numbers, the last four digits of the customer's credit card number, and the customers cryptographically scrambled password. Zappos claims that full credit card numbers and other payment information was not exposed as a result of the database attack.
The company is telling customers to reset their Zappos passwords due to this security breach and adds, "We also recommend that you change your password on any other web site where you use the same or a similar password."
Zappos is also temporarily shutting down its phone support and will be handling customer support via email only. The company says the reason for this move is "because our phone systems simply aren't capable of handling so much volume. (If 5% of our customers call, that would be over 1 million phone calls, most of which would not even make it into our phone system in the first place.)"