(LiveHacking.Com) – Online shoes and clothing retailer Zappos.com has suffered a security breach. During the attack the hacker managed to gain access to parts of Zappos’ internal network through one of its servers in Kentucky. Zappos, however, say that the secure databases with the credit details and other payment data were not accessed. On Sunday the company CEO Tony Hsieh sent an email to Zappos employees announcing the attack and previewed an email that will be sent to its customers.
We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).
The email then goes on to reassure customers that the secure database that stores their critical credit card and other payment data was NOT affected or accessed. It then asks customers to create new passwords. Due to the huge number of affected people, somewhere in the region of 20 million, Zappos are shutting down their customer support phone lines and are focusing on answering questions by email.
The recent security breach at Stratfor allowed security researchers to break over 80,000 of the nearly 1 million passwords, which had been posted online, in just 5 hours. That speed is due to advances in cracking hashed passwords using the processing power of modern graphics cards. Although the Zappos passwords have been reset, it is important that users change their password on any other website where they inadvertently used the same password.