
What the Zappos Data Breach Means to You

Online shoe seller Zappos announced that a hacker had accessed its systems. What can customers do?

Zappos sent an email this week to its employees explaining the details of a recent security breach. An unauthorized person gained access to names, addresses, email addresses, the last four digits of the credit card number and the “cryptographically scrambled password.” They did not gain access to full payment information. Zappos is requiring password resets for all customer accounts.

Zappos, which Amazon acquired in 2009, has “Powered by Service” as its motto. It has a very loyal customer base, which gets it consistently listed as one of the most customer-friendly online retailers, and there have been many tales of its above-and-beyond service in online and print media.

Sites such as Lifehacker have published articles on what to do, but at this point I think the advice offered by Zappos is the best to follow. Update your password with them, know that Zappos will not ask for account information in emails (and any email soliciting such information is likely fraudulent), and if you use the same password across multiple sites, change it at those other sites.

Generally, it is good practice to make strong passwords for any site that has your financial information and to consider using one of the free mail services such as Microsoft’s Hotmail or Google’s Gmail because both work hard to protect you from security threats. You can create an address that is specific to those sites and that is separate from your personal or work email.

As for passwords, you can customize a strong password for each site so that if one site suffers a data breach you don’t have to change all of your passwords. For example, if you use a password like “Ilike44cows@” you can use “ilike44amzncows@” or something similar. This particular example might be too long, but choose something that means something to you and is unlikely to be guessable by a hacker using dictionary words or common passwords.

Popular sites are attractive targets for hackers, and even the most robust security structure will have vulnerabilities. To protect our personal and financial security we have to do our part by using strong passwords, reading commercial emails with a skeptical eye and monitoring our accounts.

James Stein January 25, 2012 at 09:22 PM
The Zappos hackers seem to have accessed some of the information stored in the retailer's customer profiles. We don't know whether or not the criminals have been able to actually access the customers' accounts, as we don't know if they could have retrieved the passwords. Yet, even if they did, that wouldn't have done them much good. What could have happened? Let's say that they attempted to place an order. Well, even if it did go through, which is unlikely, it would've been disputed by the cardholder who would have been reimbursed for any possible losses. Aside from that, any card data that may have been stored in a hacked profile would have been perfectly unusable, because it only shows the last 4 digits of the account number. The bottom line is that, as the data breach was immediately discovered and the customer passwords reset, the hackers would have been left with such information that they could have found on Yellow Pages, with much less trouble and for free. For a more detailed analysis: http://blog.unibulmerchantservices.com/the-zappos-data-breach-10-days-on-the-lessons-continue.
Jean Westcott January 26, 2012 at 04:48 PM
James, very helpful discussion. Still the best practice is to use strong passwords, not use them universally and keep track of your accounts. The advice that Zappos shared seemed reasonable. Always a good chance to make sure your house is in good order. The way that a company handles these situations (Zappos was open, quick to communicate) says a lot about their ethos.
